Malwarebytes hat PUM.Hijack.TaskManager und Backdoor.Agent gefunden

Katti169 · 02.04.2012, 19:05

Hier der neue OTL Log:

Code:

ATTFilter

OTL logfile created on: 02.04.2012 19:51:13 - Run 6
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Mein Computer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
383,23 Mb Total Physical Memory | 144,36 Mb Available Physical Memory | 37,67% Memory free
921,50 Mb Paging File | 569,97 Mb Available in Paging File | 61,85% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 283,66 Gb Free Space | 95,16% Space Free | Partition Type: NTFS
Drive E: | 175,78 Gb Total Space | 160,56 Gb Free Space | 91,34% Space Free | Partition Type: NTFS
Drive F: | 2,05 Gb Total Space | 1,64 Gb Free Space | 79,86% Space Free | Partition Type: FAT32
 
Computer Name: PCERNST | User Name: Mein Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Mein Computer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lexmark 1200 Series\lxczbmon.exe (Lexmark International, Inc.)
PRC - C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
PRC - C:\Programme\ASUS\WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC.)
PRC - C:\WINDOWS\system32\ASWLSVC.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Lexmark 1200 Series\ConvDIB.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL ()
MOD - C:\Programme\ASUS\WLAN Card Utilities\AsAuthen.dll ()
MOD - C:\WINDOWS\system32\ASWLSVC.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (ASWLSVC) -- C:\WINDOWS\system32\ASWLSVC.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (yvrqiwev) -- C:\WINDOWS\system32\drivers\yvrqiwev.sys File not found
DRV - (wthhfyde) -- C:\WINDOWS\system32\drivers\wthhfyde.sys File not found
DRV - (WDICA) --  File not found
DRV - (tmsdxwjk) -- C:\WINDOWS\system32\drivers\tmsdxwjk.sys File not found
DRV - (rhgevfil) -- C:\WINDOWS\system32\drivers\rhgevfil.sys File not found
DRV - (qfxyhjtv) -- C:\WINDOWS\system32\drivers\qfxyhjtv.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (nsymbkqj) -- C:\WINDOWS\system32\drivers\nsymbkqj.sys File not found
DRV - (nnprtoif) -- C:\WINDOWS\system32\drivers\nnprtoif.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (kqzaqbjm) -- C:\WINDOWS\system32\drivers\kqzaqbjm.sys File not found
DRV - (khuyyhvq) -- C:\WINDOWS\system32\drivers\khuyyhvq.sys File not found
DRV - (jeoozyke) -- C:\WINDOWS\system32\drivers\jeoozyke.sys File not found
DRV - (ioedkehh) -- C:\WINDOWS\system32\drivers\ioedkehh.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (gnamybtw) -- C:\WINDOWS\system32\drivers\gnamybtw.sys File not found
DRV - (fzommyln) -- C:\WINDOWS\system32\drivers\fzommyln.sys File not found
DRV - (evohwfyz) -- C:\WINDOWS\system32\drivers\evohwfyz.sys File not found
DRV - (EverestDriver) -- E:\Everest Ultimate Engineer Edition v.4.00.1059 beta\kerneld.wnt File not found
DRV - (eoqtonat) -- C:\WINDOWS\system32\drivers\eoqtonat.sys File not found
DRV - (dxxtplnk) -- C:\WINDOWS\system32\drivers\dxxtplnk.sys File not found
DRV - (cttwnuei) -- C:\WINDOWS\system32\drivers\cttwnuei.sys File not found
DRV - (cmzphjsx) -- C:\WINDOWS\system32\drivers\cmzphjsx.sys File not found
DRV - (Changer) --  File not found
DRV - (cbdzrvut) -- C:\WINDOWS\system32\drivers\cbdzrvut.sys File not found
DRV - (catchme) -- C:\DOKUME~1\MEINCO~1\LOKALE~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Si3132r5) -- C:\WINDOWS\System32\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (W8100XP) -- C:\WINDOWS\system32\drivers\mrv8ka51.sys (Marvell Semiconductor, Inc)
DRV - (ASNDIS5) -- C:\WINDOWS\system32\ASNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-861567501-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-861567501-1303643608-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-861567501-1303643608-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-1303643608-682003330-1004\..\SearchScopes\{B4850117-9751-48D5-9C05-061CAFF4BFCD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=703285FD-C9EB-4743-B736-E7B50F3D222A&apn_sauid=2B237693-B256-4BA8-8279-688D11FFFA50&
IE - HKU\S-1-5-21-861567501-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 6092
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.09 11:10:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.30 14:57:20 | 000,000,000 | ---D | M]
 
[2009.12.29 23:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Mozilla\Extensions
[2012.02.09 10:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Mozilla\Firefox\Profiles\wzcqaz9d.default\extensions
[2011.03.21 09:33:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Mozilla\Firefox\Profiles\wzcqaz9d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.09 10:56:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Mozilla\Firefox\Profiles\wzcqaz9d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.26 16:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.26 16:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.12.26 16:19:02 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MEIN COMPUTER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\WZCQAZ9D.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.02.09 11:10:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 03:32:55 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.17 03:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.17 03:32:55 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 03:32:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 03:32:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 03:32:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Mein Computer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Mein Computer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Mein Computer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Mein Computer\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2010.09.14 23:08:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-861567501-1303643608-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Control Center] C:\Programme\ASUS\WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC.)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1303643608-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mein Computer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mein Computer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.07 13:55:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ -  %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "NMIndexingService"
MsConfig - Services: "NBService"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "InCDsrv"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: nwiz - hkey= - key= -  File not found
MsConfig - StartUpReg: SecurDisc - hkey= - key= - C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
 
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.31 11:45:14 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.28 20:03:58 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mein Computer\Desktop\OTL.exe
[2012.03.28 19:41:00 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mein Computer\Recent
[2012.03.27 21:21:30 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.03.22 21:53:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.03.22 21:52:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.03.22 21:52:15 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.03.22 21:52:14 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.03.22 21:52:14 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.03.22 21:51:34 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.03.22 21:51:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.03.11 18:37:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mein Computer\Desktop\Nicht verwendete Desktopverknüpfungen
[2010.12.27 21:17:32 | 008,417,616 | ---- | C] (Mozilla) -- C:\Programme\Firefox_Setup_3.6.13.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 18:43:08 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.04.02 18:42:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.02 16:01:49 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB539243-3C83-4E20-B205-9AE767393008}.job
[2012.04.01 21:06:53 | 000,001,936 | ---- | M] () -- C:\kaspersky_log010412
[2012.03.30 22:06:59 | 000,000,476 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2012.03.30 10:33:28 | 000,000,822 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2012.03.28 20:03:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mein Computer\Desktop\OTL.exe
[2012.03.28 15:22:29 | 000,000,754 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Desktop\KVB-Erstattungsantrag PC.lnk
[2012.03.28 07:14:42 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.25 19:18:31 | 000,448,952 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.25 19:18:31 | 000,432,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 19:18:31 | 000,080,392 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.25 19:18:31 | 000,067,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.25 19:14:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.22 22:01:25 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.03.22 21:53:31 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.15 17:50:10 | 000,003,526 | ---- | M] () -- C:\WINDOWS\msworks3.ini
[2012.03.15 17:27:23 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.10 20:33:55 | 000,465,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Desktop\FLT_YAK63915414_0.pdf
 
========== Files Created - No Company Name ==========
 
[2012.04.01 21:06:53 | 000,001,936 | ---- | C] () -- C:\kaspersky_log010412
[2012.03.30 10:33:28 | 000,000,822 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2012.03.28 07:14:42 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 13:33:03 | 000,000,754 | ---- | C] () -- C:\Dokumente und Einstellungen\Mein Computer\Desktop\KVB-Erstattungsantrag PC.lnk
[2012.03.22 21:53:31 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.10 20:33:54 | 000,465,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Mein Computer\Desktop\FLT_YAK63915414_0.pdf
[2012.02.17 20:52:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.19 19:12:52 | 000,072,360 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.12.31 13:36:06 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\$_hpcst$.hpc
[2010.09.15 20:21:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.09.15 20:21:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.09.15 20:21:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.09.15 20:21:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.09.15 20:21:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.13 19:10:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.10.27 10:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2011.02.28 23:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2010.03.06 11:45:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.07.28 12:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2012.03.30 10:35:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\elsterformular
[2010.12.31 14:19:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant
[2011.02.15 21:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\ImgBurn
[2011.10.21 15:37:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\RegistryKeys
[2012.04.02 16:01:49 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB539243-3C83-4E20-B205-9AE767393008}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.03.16 12:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Adobe
[2010.07.28 12:00:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Ahead
[2011.02.05 19:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Avira
[2012.03.30 10:35:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\elsterformular
[2010.12.31 14:19:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant
[2010.01.15 20:41:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Help
[2009.12.07 13:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Identities
[2011.02.15 21:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\ImgBurn
[2009.12.07 14:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Macromedia
[2010.09.12 12:57:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Malwarebytes
[2011.11.21 13:37:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Microsoft
[2009.12.29 23:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Mozilla
[2011.10.21 12:22:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Real
[2011.10.21 15:37:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\RegistryKeys
[2011.01.29 14:51:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\Sun
[2010.09.16 20:00:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\SUPERAntiSpyware.com
 
< %APPDATA%\*.exe /s >
[2010.12.31 14:16:15 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\12894B5D-9DF7-4F2A-B773-48077BDC2214\AutoRunCE.exe
[2010.12.31 14:16:17 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\12894B5D-9DF7-4F2A-B773-48077BDC2214\1\module.exe
[2010.12.31 14:16:03 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\4150EA76-CDC4-4CB9-97A4-324C6B1C2FA5\AutoRunCE.exe
[2010.12.31 14:16:04 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\4150EA76-CDC4-4CB9-97A4-324C6B1C2FA5\1\module.exe
[2010.12.31 14:15:48 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\450576E0-4A8B-411E-8FA6-47253BD6C260\AutoRunCE.exe
[2010.12.31 14:16:00 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\450576E0-4A8B-411E-8FA6-47253BD6C260\1\module.exe
[2010.12.31 14:16:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\53EBE2BC-D00B-4A48-8B86-8ABD62847011\AutoRunCE.exe
[2010.12.31 14:16:30 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\53EBE2BC-D00B-4A48-8B86-8ABD62847011\1\module.exe
[2010.12.31 14:16:12 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\66708456-C3A1-4F9C-86B4-2F326781F5E6\AutoRunCE.exe
[2010.12.31 14:16:12 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\66708456-C3A1-4F9C-86B4-2F326781F5E6\1\module.exe
[2010.12.31 14:16:13 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\73D78ECB-E1F8-4D42-BFBA-FB0BE028393C\AutoRunCE.exe
[2010.12.31 14:16:14 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\73D78ECB-E1F8-4D42-BFBA-FB0BE028393C\1\module.exe
[2010.12.31 14:16:32 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\89A019F5-D4AE-4CD8-8DC9-CC0F83958908\AutoRunCE.exe
[2010.12.31 14:16:33 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\89A019F5-D4AE-4CD8-8DC9-CC0F83958908\1\module.exe
[2010.12.31 14:16:21 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\95073532-19E6-49BA-A79C-FA4D5368E6E0\AutoRunCE.exe
[2010.12.31 14:16:21 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\95073532-19E6-49BA-A79C-FA4D5368E6E0\1\module.exe
[2010.12.31 14:16:34 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\9CD87913-1E3D-4751-84BF-37284D9D2C56\AutoRunCE.exe
[2010.12.31 14:16:36 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\9CD87913-1E3D-4751-84BF-37284D9D2C56\1\module.exe
[2010.12.31 14:16:24 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\AEC00BDB-8614-41A6-A6D4-B9C17CD76235\AutoRunCE.exe
[2010.12.31 14:16:26 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\AEC00BDB-8614-41A6-A6D4-B9C17CD76235\1\module.exe
[2010.12.31 14:16:27 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\AF9C051A-1529-4B21-BAE2-D009409D01E4\AutoRunCE.exe
[2010.12.31 14:16:28 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\AF9C051A-1529-4B21-BAE2-D009409D01E4\1\module.exe
[2010.12.31 14:16:22 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\B87B9270-E1C9-4BC9-AF1D-5941C402D64B\AutoRunCE.exe
[2010.12.31 14:16:24 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\B87B9270-E1C9-4BC9-AF1D-5941C402D64B\1\module.exe
[2010.12.31 14:16:31 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\E067B520-A17A-4827-A52B-496933847569\AutoRunCE.exe
[2010.12.31 14:16:32 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\E067B520-A17A-4827-A52B-496933847569\1\module.exe
[2010.12.31 14:16:05 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\E84974AD-0447-4DF7-8732-21098E5845FC\AutoRunCE.exe
[2010.12.31 14:16:07 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\E84974AD-0447-4DF7-8732-21098E5845FC\1\module.exe
[2010.12.31 14:16:36 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\F17F0CAF-ECFF-4461-B8E8-5052BEC5C3C5\AutoRunCE.exe
[2010.12.31 14:16:37 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\F17F0CAF-ECFF-4461-B8E8-5052BEC5C3C5\1\module.exe
[2010.12.31 14:16:08 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\F332874C-95E6-48DF-94E5-58142B3130DA\AutoRunCE.exe
[2010.12.31 14:16:09 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\F332874C-95E6-48DF-94E5-58142B3130DA\1\module.exe
[2010.12.31 14:16:18 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\F634609B-E26E-4170-B6B2-C79EF2D1C37A\AutoRunCE.exe
[2010.12.31 14:16:20 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\F634609B-E26E-4170-B6B2-C79EF2D1C37A\1\module.exe
[2010.12.31 14:16:10 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\FD45BE2B-7836-4492-9E6D-CB9A19332963\AutoRunCE.exe
[2010.12.31 14:16:11 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Mein Computer\Anwendungsdaten\GoPal Assistant\Library\FD45BE2B-7836-4492-9E6D-CB9A19332963\1\module.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.12.07 15:41:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.12.07 15:41:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.12.07 15:41:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.12.07 15:41:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.06.23 10:45:11 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\NLDRV\003\iastor.sys
[2008.06.23 10:48:28 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\NLDRV\004\iastor.sys
[2008.05.30 12:26:59 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\001\iastor.sys
[2008.05.30 12:34:46 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\002\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.07 14:42:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.07 14:42:51 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.07 14:42:51 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

Dann hätte ich noch eine Frage: kann ich jetzt mit dem PC einigermaßen "problemlos" arbeiten? Mein Vater bräuchte den morgen eigentlich - auch mit Internetzugang.
Mir wäre es lieber er würde warten bis das System wieder sauber ist - aber was ist deine Meinung - so als Experte? ;-)
Schon mal vielen Dank!

Malwarebytes hat PUM.Hijack.TaskManager und Backdoor.Agent gefunden

Plagegeister aller Art und deren Bekämpfung: Malwarebytes hat PUM.Hijack.TaskManager und Backdoor.Agent gefunden

Malwarebytes hat PUM.Hijack.TaskManager und Backdoor.Agent gefunden

Ähnliche Themen: Malwarebytes hat PUM.Hijack.TaskManager und Backdoor.Agent gefunden