BKA 100€ Trojaner blockt mein XP-System!

MrGodlike · 29.03.2012, 15:38

Hallo Zusammen!

Seit gestern blockt der schon oft hier beschriebene BKA Trojaner mein XP-System. Unmittelbar nach dem hochfahren öffnet sich das Teil.

Kann mir jemand helfen? Vielen Dank schomal

Gruß

markusg · 29.03.2012, 16:16

hi
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade

OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Bebilderte Anleitung: OTLpe-Scan

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

MrGodlike · 29.03.2012, 16:16

Hab mal OTL laufen lassen..

OTL.txtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.03.2012 17:12:09 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = D:\Dokumente und Einstellungen\Dietich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,01% Memory free
2,60 Gb Paging File | 2,12 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 29,29 Gb Total Space | 21,17 Gb Free Space | 72,28% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 16,90 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
 
Computer Name: DIETRICH-18FE9F | User Name: Dietich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Dokumente und Einstellungen\Dietich\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - D:\WINDOWS\system32\hasplms.exe (SafeNet Inc.)
PRC - D:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe (Sage Software)
PRC - d:\Programme\MSSQL\MSSQL10.SAGEHW2008\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - D:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll ()
MOD - D:\WINDOWS\system32\redmonnt.dll ()
MOD - D:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TomTomHOMEService) -- D:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Apple Mobile Device) -- D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (hasplms) -- D:\WINDOWS\system32\hasplms.exe (SafeNet Inc.)
SRV - (SageDeploymentService) -- D:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe (Sage Software)
SRV - (MSSQL$SAGEHW2008) SQL Server (SAGEHW2008) -- d:\Programme\MSSQL\MSSQL10.SAGEHW2008\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SAGEHW2008) SQL Server-Agent (SAGEHW2008) -- d:\Programme\MSSQL\MSSQL10.SAGEHW2008\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (ose) -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (aksfridge) -- D:\WINDOWS\system32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (Tcpip6) -- D:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ati2mtag) -- D:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (hardlock) -- D:\WINDOWS\system32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (aksusb) -- D:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (xfilt) -- D:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- D:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (RsFx0103) -- D:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (akshasp) -- D:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (gameenum) -- D:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.01.16 20:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.01.16 20:27:03 | 000,000,000 | ---D | M]
 
[2012.01.03 13:16:22 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Extensions
[2012.01.03 13:16:22 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.01.16 20:24:55 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Firefox\Profiles\nv8r9j33.default\extensions
[2011.10.17 20:42:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Firefox\Profiles\nv8r9j33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.16 20:24:55 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Firefox\Profiles\nv8r9j33.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.16 19:20:12 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2011.03.20 13:52:23 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.10.17 19:16:41 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.25 20:06:23 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.03.20 13:52:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.17 20:43:24 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.17 20:43:25 | 000,002,344 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.17 20:43:25 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.17 20:43:25 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.17 20:43:25 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] D:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {13930014-765A-45D2-B85E-D82F254D4736} hxxp://192.168.1.99/WebCamX.cab (WebCamX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283358961562 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{794BA3A7-BA37-45AE-8813-82E000926A59}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\Dietich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\Dietich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.22 12:36:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.29 17:10:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Dietich\Desktop\OTL.exe
[2012.03.09 20:17:44 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Auerswald
[2012.03.09 20:17:06 | 000,000,000 | ---D | C] -- D:\Programme\Auerswald
[2012.03.09 20:16:20 | 000,262,194 | ---- | C] (Auerswald GmbH & Co. KG) -- D:\WINDOWS\System32\tpapi32.dll
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 17:10:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Dietich\Desktop\OTL.exe
[2012.03.29 17:10:47 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{A17BC205-2D0A-479A-A66B-99095D57AD0B}.job
[2012.03.29 17:08:38 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012.03.29 17:08:11 | 000,001,088 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.29 17:08:06 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012.03.28 18:22:00 | 000,001,092 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 18:15:00 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012.03.27 19:01:55 | 000,000,762 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Startmenü\Programme\Autostart\cgs8h0.exe.lnk
[2012.03.27 07:52:32 | 000,165,612 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\PDFCreate.pdf
[2012.03.27 07:44:08 | 000,518,570 | ---- | M] () -- D:\WINDOWS\System32\perfh007.dat
[2012.03.27 07:44:08 | 000,501,860 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2012.03.27 07:44:08 | 000,106,618 | ---- | M] () -- D:\WINDOWS\System32\perfc007.dat
[2012.03.27 07:44:08 | 000,093,846 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2012.03.27 07:43:07 | 000,000,276 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.16 04:20:10 | 000,118,152 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.16 04:00:58 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2012.03.12 21:13:22 | 000,002,163 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2012.03.09 20:17:44 | 000,001,724 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\COMfortel Set 2.7.1.lnk
[2012.03.07 12:54:17 | 005,993,660 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\Aufbauanleitung_Rettungssteeg.pdf
[2012.03.05 15:51:35 | 000,005,018 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Eigene Dateien\BV Ibald   Cochem Cond..htm
[2012.02.29 13:16:25 | 000,114,707 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\Essmann Balkongully.pdf
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 18:15:00 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012.03.27 19:01:55 | 000,000,762 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Startmenü\Programme\Autostart\cgs8h0.exe.lnk
[2012.03.09 20:17:44 | 000,001,724 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\COMfortel Set 2.7.1.lnk
[2012.03.09 20:17:07 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\moyocore.dll
[2012.03.09 20:16:20 | 000,315,444 | ---- | C] () -- D:\WINDOWS\System32\isdnapi32.dll
[2012.03.09 20:16:20 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\AuerCapiJNINative.dll
[2012.03.09 20:16:20 | 000,032,768 | ---- | C] () -- D:\WINDOWS\System32\AuerUsbJNINative.dll
[2012.03.09 20:16:10 | 000,000,648 | R--- | C] () -- D:\WINDOWS\setup.iss
[2012.03.07 12:54:17 | 005,993,660 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\Aufbauanleitung_Rettungssteeg.pdf
[2012.03.05 15:51:35 | 000,005,018 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Eigene Dateien\BV Ibald   Cochem Cond..htm
[2012.02.29 13:16:25 | 000,114,707 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\Essmann Balkongully.pdf
[2012.02.23 13:08:40 | 000,000,143 | ---- | C] () -- D:\WINDOWS\SB30.ini
[2012.02.23 13:08:16 | 000,148,480 | ---- | C] () -- D:\WINDOWS\UNWISE.EXE
[2012.02.23 13:08:16 | 000,006,035 | ---- | C] () -- D:\WINDOWS\UNWISE.INI
[2012.02.15 09:40:19 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2011.10.31 19:16:28 | 000,761,856 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2011.10.31 19:16:28 | 000,381,459 | ---- | C] () -- D:\WINDOWS\System32\Instcodec.exe
[2011.10.31 19:16:28 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2011.10.31 19:15:57 | 000,541,696 | ---- | C] () -- D:\WINDOWS\System32\IPCDCore.dll
[2011.10.31 19:15:57 | 000,421,888 | R--- | C] () -- D:\WINDOWS\System32\RTClientSDK71.dll
[2011.10.31 19:15:57 | 000,188,416 | ---- | C] () -- D:\WINDOWS\System32\decode.dll
[2011.10.31 19:15:57 | 000,131,072 | ---- | C] () -- D:\WINDOWS\System32\NetworkAPI.dll
[2011.10.31 19:15:57 | 000,001,147 | ---- | C] () -- D:\WINDOWS\System32\IPCamera.ini
[2011.10.18 21:19:33 | 000,076,712 | ---- | C] () -- D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.10.18 20:11:31 | 000,116,224 | ---- | C] () -- D:\WINDOWS\System32\redmonnt.dll
[2011.10.18 20:11:31 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\unredmon.exe
[2011.01.12 19:38:46 | 000,019,000 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2010.10.14 16:14:33 | 000,006,656 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.01 21:30:07 | 000,000,165 | ---- | C] () -- D:\WINDOWS\System32\AddPort.ini
[2010.09.01 21:29:48 | 000,000,711 | ---- | C] () -- D:\WINDOWS\hpntwksetup.ini
[2010.09.01 21:28:37 | 000,191,088 | ---- | C] () -- D:\WINDOWS\hppins10.dat
[2010.09.01 21:28:37 | 000,005,186 | ---- | C] () -- D:\WINDOWS\hppmdl10.dat
[2010.09.01 21:02:37 | 000,000,400 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010.09.01 20:39:37 | 000,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini
[2010.09.01 20:39:31 | 000,156,672 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll
[2010.09.01 20:39:30 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\ChCfg.exe
[2010.09.01 20:38:36 | 000,003,281 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2010.09.01 20:38:32 | 000,005,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.09.01 20:28:10 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2010.09.01 20:26:46 | 000,000,000 | ---- | C] () -- D:\WINDOWS\ativpsrm.bin
[2010.09.01 20:24:58 | 000,593,920 | ---- | C] () -- D:\WINDOWS\System32\ati2sgag.exe
[2010.08.31 13:07:49 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2010.08.31 13:06:02 | 000,118,152 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.31 12:27:10 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2010.08.31 12:19:15 | 000,021,740 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat

< End of report >

--- --- ---

markusg · 29.03.2012, 16:19

ok folgendes:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

MrGodlike · 29.03.2012, 16:19

hier die extras.txtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.03.2012 17:12:09 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = D:\Dokumente und Einstellungen\Dietich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,01% Memory free
2,60 Gb Paging File | 2,12 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 29,29 Gb Total Space | 21,17 Gb Free Space | 72,28% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 16,90 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
 
Computer Name: DIETRICH-18FE9F | User Name: Dietich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Dokumente und Einstellungen\Dietich\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - D:\WINDOWS\system32\hasplms.exe (SafeNet Inc.)
PRC - D:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe (Sage Software)
PRC - d:\Programme\MSSQL\MSSQL10.SAGEHW2008\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - D:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll ()
MOD - D:\WINDOWS\system32\redmonnt.dll ()
MOD - D:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TomTomHOMEService) -- D:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Apple Mobile Device) -- D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (hasplms) -- D:\WINDOWS\system32\hasplms.exe (SafeNet Inc.)
SRV - (SageDeploymentService) -- D:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe (Sage Software)
SRV - (MSSQL$SAGEHW2008) SQL Server (SAGEHW2008) -- d:\Programme\MSSQL\MSSQL10.SAGEHW2008\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SAGEHW2008) SQL Server-Agent (SAGEHW2008) -- d:\Programme\MSSQL\MSSQL10.SAGEHW2008\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (ose) -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (aksfridge) -- D:\WINDOWS\system32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (Tcpip6) -- D:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ati2mtag) -- D:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (hardlock) -- D:\WINDOWS\system32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (aksusb) -- D:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (xfilt) -- D:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- D:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (RsFx0103) -- D:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (akshasp) -- D:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (gameenum) -- D:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.01.16 20:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.01.16 20:27:03 | 000,000,000 | ---D | M]
 
[2012.01.03 13:16:22 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Extensions
[2012.01.03 13:16:22 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.01.16 20:24:55 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Firefox\Profiles\nv8r9j33.default\extensions
[2011.10.17 20:42:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Firefox\Profiles\nv8r9j33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.16 20:24:55 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Dokumente und Einstellungen\Dietich\Anwendungsdaten\Mozilla\Firefox\Profiles\nv8r9j33.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.16 19:20:12 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2011.03.20 13:52:23 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.10.17 19:16:41 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.25 20:06:23 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.03.20 13:52:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.17 20:43:24 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.17 20:43:25 | 000,002,344 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.17 20:43:25 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.17 20:43:25 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.17 20:43:25 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] D:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {13930014-765A-45D2-B85E-D82F254D4736} hxxp://192.168.1.99/WebCamX.cab (WebCamX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283358961562 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{794BA3A7-BA37-45AE-8813-82E000926A59}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\Dietich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\Dietich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.22 12:36:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.29 17:10:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Dietich\Desktop\OTL.exe
[2012.03.09 20:17:44 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Auerswald
[2012.03.09 20:17:06 | 000,000,000 | ---D | C] -- D:\Programme\Auerswald
[2012.03.09 20:16:20 | 000,262,194 | ---- | C] (Auerswald GmbH & Co. KG) -- D:\WINDOWS\System32\tpapi32.dll
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 17:10:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Dietich\Desktop\OTL.exe
[2012.03.29 17:10:47 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{A17BC205-2D0A-479A-A66B-99095D57AD0B}.job
[2012.03.29 17:08:38 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012.03.29 17:08:11 | 000,001,088 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.29 17:08:06 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012.03.28 18:22:00 | 000,001,092 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 18:15:00 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012.03.27 19:01:55 | 000,000,762 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Startmenü\Programme\Autostart\cgs8h0.exe.lnk
[2012.03.27 07:52:32 | 000,165,612 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\PDFCreate.pdf
[2012.03.27 07:44:08 | 000,518,570 | ---- | M] () -- D:\WINDOWS\System32\perfh007.dat
[2012.03.27 07:44:08 | 000,501,860 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2012.03.27 07:44:08 | 000,106,618 | ---- | M] () -- D:\WINDOWS\System32\perfc007.dat
[2012.03.27 07:44:08 | 000,093,846 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2012.03.27 07:43:07 | 000,000,276 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.16 04:20:10 | 000,118,152 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.16 04:00:58 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2012.03.12 21:13:22 | 000,002,163 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2012.03.09 20:17:44 | 000,001,724 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\COMfortel Set 2.7.1.lnk
[2012.03.07 12:54:17 | 005,993,660 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\Aufbauanleitung_Rettungssteeg.pdf
[2012.03.05 15:51:35 | 000,005,018 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Eigene Dateien\BV Ibald   Cochem Cond..htm
[2012.02.29 13:16:25 | 000,114,707 | ---- | M] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\Essmann Balkongully.pdf
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 18:15:00 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012.03.27 19:01:55 | 000,000,762 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Startmenü\Programme\Autostart\cgs8h0.exe.lnk
[2012.03.09 20:17:44 | 000,001,724 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\COMfortel Set 2.7.1.lnk
[2012.03.09 20:17:07 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\moyocore.dll
[2012.03.09 20:16:20 | 000,315,444 | ---- | C] () -- D:\WINDOWS\System32\isdnapi32.dll
[2012.03.09 20:16:20 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\AuerCapiJNINative.dll
[2012.03.09 20:16:20 | 000,032,768 | ---- | C] () -- D:\WINDOWS\System32\AuerUsbJNINative.dll
[2012.03.09 20:16:10 | 000,000,648 | R--- | C] () -- D:\WINDOWS\setup.iss
[2012.03.07 12:54:17 | 005,993,660 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\Aufbauanleitung_Rettungssteeg.pdf
[2012.03.05 15:51:35 | 000,005,018 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Eigene Dateien\BV Ibald   Cochem Cond..htm
[2012.02.29 13:16:25 | 000,114,707 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Desktop\Essmann Balkongully.pdf
[2012.02.23 13:08:40 | 000,000,143 | ---- | C] () -- D:\WINDOWS\SB30.ini
[2012.02.23 13:08:16 | 000,148,480 | ---- | C] () -- D:\WINDOWS\UNWISE.EXE
[2012.02.23 13:08:16 | 000,006,035 | ---- | C] () -- D:\WINDOWS\UNWISE.INI
[2012.02.15 09:40:19 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2011.10.31 19:16:28 | 000,761,856 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2011.10.31 19:16:28 | 000,381,459 | ---- | C] () -- D:\WINDOWS\System32\Instcodec.exe
[2011.10.31 19:16:28 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2011.10.31 19:15:57 | 000,541,696 | ---- | C] () -- D:\WINDOWS\System32\IPCDCore.dll
[2011.10.31 19:15:57 | 000,421,888 | R--- | C] () -- D:\WINDOWS\System32\RTClientSDK71.dll
[2011.10.31 19:15:57 | 000,188,416 | ---- | C] () -- D:\WINDOWS\System32\decode.dll
[2011.10.31 19:15:57 | 000,131,072 | ---- | C] () -- D:\WINDOWS\System32\NetworkAPI.dll
[2011.10.31 19:15:57 | 000,001,147 | ---- | C] () -- D:\WINDOWS\System32\IPCamera.ini
[2011.10.18 21:19:33 | 000,076,712 | ---- | C] () -- D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.10.18 20:11:31 | 000,116,224 | ---- | C] () -- D:\WINDOWS\System32\redmonnt.dll
[2011.10.18 20:11:31 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\unredmon.exe
[2011.01.12 19:38:46 | 000,019,000 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2010.10.14 16:14:33 | 000,006,656 | ---- | C] () -- D:\Dokumente und Einstellungen\Dietich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.01 21:30:07 | 000,000,165 | ---- | C] () -- D:\WINDOWS\System32\AddPort.ini
[2010.09.01 21:29:48 | 000,000,711 | ---- | C] () -- D:\WINDOWS\hpntwksetup.ini
[2010.09.01 21:28:37 | 000,191,088 | ---- | C] () -- D:\WINDOWS\hppins10.dat
[2010.09.01 21:28:37 | 000,005,186 | ---- | C] () -- D:\WINDOWS\hppmdl10.dat
[2010.09.01 21:02:37 | 000,000,400 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010.09.01 20:39:37 | 000,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini
[2010.09.01 20:39:31 | 000,156,672 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll
[2010.09.01 20:39:30 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\ChCfg.exe
[2010.09.01 20:38:36 | 000,003,281 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2010.09.01 20:38:32 | 000,005,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.09.01 20:28:10 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2010.09.01 20:26:46 | 000,000,000 | ---- | C] () -- D:\WINDOWS\ativpsrm.bin
[2010.09.01 20:24:58 | 000,593,920 | ---- | C] () -- D:\WINDOWS\System32\ati2sgag.exe
[2010.08.31 13:07:49 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2010.08.31 13:06:02 | 000,118,152 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.31 12:27:10 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2010.08.31 12:19:15 | 000,021,740 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat

< End of report >

--- --- ---

Hi,

hier die Log con combofix
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-29.02 - Dietich 29.03.2012  17:25:50.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1553 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\Dietich\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\dokume~1\Dietich\LOKALE~1\Temp\cgs8h0.exe
d:\dokumente und einstellungen\Dietich\Lokale Einstellungen\Temp\cgs8h0.exe
d:\dokumente und einstellungen\Dietich\WINDOWS
d:\windows\system32\dllcache\dlimport.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-09 18:17 . 2008-04-14 20:06	139264	------w-	d:\windows\system32\moyocore.dll
2012-03-09 18:17 . 2012-03-09 18:17	--------	d-----w-	d:\programme\Auerswald
2012-03-09 18:16 . 2003-02-21 02:42	348160	----a-r-	d:\windows\system32\msvcr71.dll
2012-03-09 18:16 . 2002-06-13 09:56	315444	----a-w-	d:\windows\system32\isdnapi32.dll
2012-03-09 18:16 . 2002-06-13 09:55	262194	----a-w-	d:\windows\system32\tpapi32.dll
2012-03-09 18:16 . 2001-01-22 14:52	49152	----a-w-	d:\windows\system32\AuerCapiJNINative.dll
2012-03-09 18:16 . 2000-07-26 09:40	32768	----a-w-	d:\windows\system32\AuerUsbJNINative.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:05 . 2011-06-30 05:50	414368	----a-w-	d:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2006-02-28 12:00	1860224	----a-w-	d:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 07:40	3072	------w-	d:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-08-31 10:17	139784	----a-w-	d:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"FreePDF Assistant"="d:\programme\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"SunJavaUpdateSched"="d:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="d:\programme\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
d:\dokumente und einstellungen\Dietich\Startmenü\Programme\Autostart\
cgs8h0.exe.lnk - d:\windows\system32\rundll32.exe [2006-2-28 33792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	d:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 06:51	59240	----a-w-	d:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25	59240	----a-w-	d:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36	421736	----a-w-	d:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	d:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-12-05 12:34	247728	----a-w-	d:\programme\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\Programme\\Java\\jre6\\bin\\java.exe"=
"d:\\WINDOWS\\system32\\hasplms.exe"=
"d:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
.
R1 RsFx0103;RsFx0103 Driver;d:\windows\system32\drivers\RsFx0103.sys [30.03.2009 03:09 239336]
R2 hasplms;Sentinel HASP License Manager;d:\windows\system32\hasplms.exe  -run --> d:\windows\system32\hasplms.exe  -run [?]
R2 MSSQL$SAGEHW2008;SQL Server (SAGEHW2008);d:\programme\MSSQL\MSSQL10.SAGEHW2008\MSSQL\Binn\sqlservr.exe [30.03.2009 03:25 43010392]
R2 SageDeploymentService;Sage Verteilungsdienst;d:\programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe [08.01.2010 13:28 419480]
R2 TomTomHOMEService;TomTomHOMEService;d:\programme\TomTom HOME 2\TomTomHOMEService.exe [05.12.2011 14:34 92592]
S2 gupdate;Google Update Service (gupdate);d:\programme\Google\Update\GoogleUpdate.exe [04.10.2010 15:42 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);d:\programme\Google\Update\GoogleUpdate.exe [04.10.2010 15:42 136176]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;d:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [31.03.2009 06:55 47128]
S4 SQLAgent$SAGEHW2008;SQL Server-Agent (SAGEHW2008);d:\programme\MSSQL\MSSQL10.SAGEHW2008\MSSQL\Binn\SQLAGENT.EXE [30.03.2009 03:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-03-29 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\programme\Google\Update\GoogleUpdate.exe [2010-10-04 13:42]
.
2012-03-29 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\programme\Google\Update\GoogleUpdate.exe [2010-10-04 13:42]
.
2012-03-29 d:\windows\Tasks\User_Feed_Synchronization-{A17BC205-2D0A-479A-A66B-99095D57AD0B}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://goggle.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {13930014-765A-45D2-B85E-D82F254D4736} - hxxp://192.168.1.99/WebCamX.cab
FF - ProfilePath - d:\dokumente und einstellungen\Dietich\Anwendungsdaten\Mozilla\Firefox\Profiles\nv8r9j33.default\
FF - prefs.js: browser.startup.homepage - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - d:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - d:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-29 17:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
d:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-03-29  17:35:14
ComboFix-quarantined-files.txt  2012-03-29 15:35
.
Vor Suchlauf: 12 Verzeichnis(se), 18.115.149.824 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 19.088.371.712 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C7A2E601204F4D0C78AFBADB9AAAEE49

--- --- ---

Nachdem Combofix drübergelaufen ist, kann ich den Rechner zumindest schonmal wieder nutzen...hab allerdings noch nich neu gestartet.

markusg · 29.03.2012, 19:27

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

BKA 100€ Trojaner blockt mein XP-System!

Plagegeister aller Art und deren Bekämpfung: BKA 100€ Trojaner blockt mein XP-System!