|
Log-Analyse und Auswertung: Verschlüsselungs-Trojaner - nix geht mehr!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.05.2012, 12:30 | #1 |
| Verschlüsselungs-Trojaner - nix geht mehr! Hallo Zusammen, finde es super, dass ihr so toll unterstützt!!!!! Der PC meines Vaters wurde befallen, er hat eine Mail bekommen, er hätte angeblich was für 780 Euro bestellt und er hat den Anhang geöffnet, boom ging nix mehr... Wenn der PC hochfährt, dauert es wenige Sekunden bevor der gleiche Bildschirm des Trojaners erscheint und nix geht mehr... Auf dem PC sind aber 2 User, das von meinem Vater funktioniert nicht mehr (infiziert), das von meine Bruder aber geht...und da erscheint kein Trojaner. Wenn ich beim 2ten User die Virussoftware laufen lasse, findet die aber nichts... Abgesicherter Modus geht auch nicht... Ich habe mir eure Anleitungen durchgelesen und hänge anbei mein Log. Ich hoffe ihr könnt weiterhelfen, mein Vater hat schon einen halben Herzinfarkt bekommen, er lässt sich noch nicht überzeugen, dass er keine 780 Euro zahlen muss...!! PS: Konnte eben den mbam malware check über den 2ten User laufen lassen, 8 infizierte Dateien gefunden und gelöscht. Ich komme jetzt auch wieder über den User meines Vaters in den PC. Werde gleich mal nochmal den mbam laufen lassen. Anbei der Log. Sind alle User jetzt sauber? Geändert von joy2lee (22.05.2012 um 13:13 Uhr) |
23.05.2012, 11:01 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner - nix geht mehr! Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
25.05.2012, 17:22 | #3 |
| Verschlüsselungs-Trojaner - nix geht mehr! So, endlich hatte ich die Zeit den PC meines Vaters nochmal unter die Lupe zu nehmen. Habe wie von Dir vorgeschlagen den malwarebyte VOLLScan nochmal durchgeführt. Der hat auch was gefunden, hier der LOG:
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.23.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Besitzer :: MANCINI-QQHXFDO [administrator] 23.05.2012 14:45:34 mbam-log-2012-05-23 (14-45-34).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 236281 Time elapsed: 2 hour(s), 38 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 1 -> Quarantined and deleted successfully. Registry Data Items Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 1 E:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f852ec419ecdbc49beb9e588e1d4bfa8 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-25 04:12:09 # local_time=2012-05-25 06:12:09 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1792 16777195 100 0 128746293 128746293 0 0 # compatibility_mode=8192 67108863 100 0 170417 170417 0 0 # compatibility_mode=9217 16777214 75 66 22552289 39919345 0 0 # scanned=42225 # found=2 # cleaned=0 # scan_time=3689 C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\Rechnung 2012.zip a variant of Win32/Injector.RQR trojan (unable to clean) 00000000000000000000000000000000 I C:\WINDOWS\system32\memw.exe a variant of Win32/Kryptik.AFKT trojan (unable to clean) 00000000000000000000000000000000 I Ich hoffe, dass ich das irgendwie hinkriege. Die Dateien sind ja auch noch alle verschlüsselt. Wann kann ich den Decrypter laufen lassen? (das mit den Beispieldateien in der Anleitung habe ich nicht ganz verstanden...) DANKE SCHONMAL!!!!!! |
25.05.2012, 23:05 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner - nix geht mehr! Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
30.05.2012, 15:06 | #5 |
| Verschlüsselungs-Trojaner - nix geht mehr! Hallo, ja der Windows Modus funktioniert wieder uneingeschränkt. Es fehlen auf den ersten Blick auch keine Sachen im Startmenu und unter alle Programme sind keine Leeren Ordner... Die Dateien sind halt alle verschlüsselt...Wat nu? |
30.05.2012, 15:21 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner - nix geht mehr! Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ --> Verschlüsselungs-Trojaner - nix geht mehr! |
30.05.2012, 15:53 | #7 |
| Verschlüsselungs-Trojaner - nix geht mehr! OTL.txt Code:
ATTFilter OTL logfile created on: 30.05.2012 16:36:28 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,48 Mb Total Physical Memory | 336,73 Mb Available Physical Memory | 65,96% Memory free 1,22 Gb Paging File | 0,91 Gb Available in Paging File | 74,62% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 25,30 Gb Free Space | 67,91% Space Free | Partition Type: NTFS Computer Name: MANCINI-QQHXFDO | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.30 16:34:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\OTL.exe PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2011.02.15 17:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.26 15:34:45 | 000,147,201 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.03.07 12:00:05 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.02.12 10:06:47 | 000,262,401 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2007.12.13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEFE.EXE PRC - [2007.05.18 18:36:44 | 000,794,624 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe PRC - [2003.05.16 08:14:26 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe ========== Modules (No Company Name) ========== MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2008.01.22 19:28:02 | 000,339,968 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll MOD - [2007.08.24 17:38:08 | 000,077,312 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\unacev2.dll MOD - [2006.10.26 22:30:12 | 000,131,072 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll MOD - [2005.07.20 04:53:04 | 000,966,765 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\acAuth.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.05.30 16:15:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv) SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2008.03.26 15:34:45 | 000,147,201 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.03.07 12:00:05 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.05.13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008.04.14 03:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio) DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs) DRV - [2008.03.04 13:28:49 | 000,079,424 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2008.02.18 17:07:53 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.05.21 09:29:26 | 000,235,648 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2007.02.27 15:24:55 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2001.08.18 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2001.08.18 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2001.08.18 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload) DRV - [2001.08.17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.03.10 18:34:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.30 16:18:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.30 16:34:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.22 12:42:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.12.22 11:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions [2010.12.22 11:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.23 16:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\extensions [2012.02.02 12:08:55 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\doTuoUOTUjlgjGJDG [2012.02.02 12:08:55 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\duTUoTgjUglxjDJLxvpfn [2012.02.02 12:08:55 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\jQQddaaAAOOxxDlnnJJV [2012.02.02 12:08:55 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\tnpNqVNesysuotu [2012.02.02 12:08:55 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\XxjDJLGJpfnpNqVNesy [2012.05.30 16:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [04FE9CEF] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol\8378A3F104FE9CEFA3D0.exe File not found O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK USB Wireless LAN Utility.lnk = C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.) O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\Lorenzo\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47DDCEC0-D548-4613-80BE-FC989B599B06}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.03.28 04:46:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3d1dc533-a29f-11dd-acf7-00400c028909}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell - "" = AutoRun O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.30 16:28:29 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2012.05.30 16:26:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.30 16:18:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.05.30 16:18:22 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.05.23 17:50:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.05.23 17:49:55 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe [2012.05.23 14:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\PCHealth [2012.05.23 14:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes [2012.05.22 14:31:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.05.22 14:31:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.05.22 14:31:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.05.22 14:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.21 17:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol [2012.05.21 17:06:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.30 16:34:02 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.05.30 16:22:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.05.30 16:18:25 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.05.30 16:13:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.05.30 16:13:41 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys [2012.05.30 15:59:21 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.23 17:50:16 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe [2012.05.23 14:33:40 | 000,000,522 | ---- | M] () -- C:\hpfr3320.xml [2012.05.22 14:31:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 16:55:00 | 000,114,176 | ---- | M] () -- C:\GgDtAevoxuTVEXg [2012.05.21 16:55:00 | 000,000,521 | ---- | M] () -- C:\GoXgydreGqDuns [2012.05.18 15:10:34 | 005,811,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\gsGXanErOVUlsjqvu [2012.05.15 17:38:56 | 005,704,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\QqxQlsopuLUrafqDN [2012.05.12 12:57:29 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323 [2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012.05.11 19:08:17 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.05.11 19:08:17 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.11 19:08:17 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.11 19:08:17 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.05.11 19:02:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.05.07 11:31:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.30 16:34:02 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.05.30 16:34:01 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2012.05.30 16:15:41 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.05.23 14:33:39 | 000,000,522 | ---- | C] () -- C:\hpfr3320.xml [2012.05.22 14:31:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012.02.19 11:39:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.28 12:31:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.05.07 14:33:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI ========== LOP Check ========== [2009.07.07 18:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2008.04.26 14:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2011.09.07 16:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint [2012.05.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol [2008.11.03 17:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org [2010.12.22 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird [2011.02.10 12:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Watchtower [2011.09.09 17:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lorenzo\Anwendungsdaten\CheckPoint [2011.10.23 19:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lorenzo\Anwendungsdaten\OpenOffice.org ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.04.30 13:48:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe [2011.09.07 16:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint [2008.04.09 15:51:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help [2008.03.28 04:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities [2008.04.15 13:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield [2012.05.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol [2009.01.13 18:00:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia [2012.05.23 14:43:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes [2012.05.21 17:11:26 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft [2009.07.28 06:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla [2009.09.07 19:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\MSN6 [2008.11.03 17:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org [2008.11.03 17:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun [2008.10.25 16:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Talkback [2010.12.22 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird [2011.02.10 12:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Watchtower < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2003.01.01 03:16:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2003.01.01 03:16:15 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2003.01.01 03:16:15 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 30.05.2012 16:36:28 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,48 Mb Total Physical Memory | 336,73 Mb Available Physical Memory | 65,96% Memory free 1,22 Gb Paging File | 0,91 Gb Available in Paging File | 74,62% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 25,30 Gb Free Space | 67,91% Space Free | Partition Type: NTFS Computer Name: MANCINI-QQHXFDO | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1E36941C-7A4D-4E08-8B4B-3B556C45C528}" = Watchtower Library 2010 - Italiano "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F672B967-BC29-4C4D-A16A-C71C0B9DC656}" = Watchtower Library 2011 - Italiano "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AntiVir PersonalEdition Classic" = Avira AntiVir Personal – Free Antivirus "EPSON Scanner" = EPSON Scan "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall "EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch "ESET Online Scanner" = ESET Online Scanner v3 "hp deskjet 3320 series" = hp deskjet 3320 series (nur entfernen) "hp deskjet 3320 series_Driver" = hp deskjet 3320 series "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "ZoneAlarm" = ZoneAlarm "ZoneAlarm Free" = ZoneAlarm Free "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.05.2012 08:38:28 | Computer Name = MANCINI-QQHXFDO | Source = MsiInstaller | ID = 1023 Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 - Update "KB2518864" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\WINDOWS\system32\config\SYSTEM~1\LOKALE~1\Temp\Microsoft .NET Framework 2.0-KB2518864_20120523_123759734-Msi0.txt enthalten. Error - 23.05.2012 08:38:36 | Computer Name = MANCINI-QQHXFDO | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864, P2 1031, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 1719. Error - 23.05.2012 11:50:20 | Computer Name = MANCINI-QQHXFDO | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.05.2012 11:50:21 | Computer Name = MANCINI-QQHXFDO | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.05.2012 11:56:21 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.05.2012 11:56:58 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.05.2012 11:57:16 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.05.2012 11:01:28 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.05.2012 11:01:51 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.05.2012 11:01:54 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ Application Events ] Error - 23.05.2012 08:38:28 | Computer Name = MANCINI-QQHXFDO | Source = MsiInstaller | ID = 1023 Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 - Update "KB2518864" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\WINDOWS\system32\config\SYSTEM~1\LOKALE~1\Temp\Microsoft .NET Framework 2.0-KB2518864_20120523_123759734-Msi0.txt enthalten. Error - 23.05.2012 08:38:36 | Computer Name = MANCINI-QQHXFDO | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864, P2 1031, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 1719. Error - 23.05.2012 11:50:20 | Computer Name = MANCINI-QQHXFDO | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.05.2012 11:50:21 | Computer Name = MANCINI-QQHXFDO | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.05.2012 11:56:21 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.05.2012 11:56:58 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.05.2012 11:57:16 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.05.2012 11:01:28 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.05.2012 11:01:51 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.05.2012 11:01:54 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 21.05.2012 11:31:23 | Computer Name = MANCINI-QQHXFDO | Source = DCOM | ID = 10010 Description = Der Server "{80EE4901-33A8-11D1-A213-0080C88593A5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.05.2012 08:02:54 | Computer Name = MANCINI-QQHXFDO | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 23.05.2012 11:44:28 | Computer Name = MANCINI-QQHXFDO | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. < End of report > |
30.05.2012, 20:30 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner - nix geht mehr!Zitat:
Mach danach bitte wieder ein neues OTL-Log wie o.g.
__________________ Logfiles bitte immer in CODE-Tags posten |
01.06.2012, 15:57 | #9 |
| Verschlüsselungs-Trojaner - nix geht mehr! So, Zone Alarm deinstalliert, neue OTL: Code:
ATTFilter OTL logfile created on: 01.06.2012 16:38:44 - Run 2 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,48 Mb Total Physical Memory | 230,09 Mb Available Physical Memory | 45,07% Memory free 1,22 Gb Paging File | 0,92 Gb Available in Paging File | 75,82% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 25,44 Gb Free Space | 68,27% Space Free | Partition Type: NTFS Computer Name: MANCINI-QQHXFDO | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.30 16:34:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\OTL.exe PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.09.30 17:57:54 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2008.09.30 17:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.26 15:34:45 | 000,147,201 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.03.07 12:00:05 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.02.12 10:06:47 | 000,262,401 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2007.12.13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEFE.EXE PRC - [2007.05.18 18:36:44 | 000,794,624 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe PRC - [2003.05.16 08:14:26 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe ========== Modules (No Company Name) ========== MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2008.07.29 15:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2008.01.22 19:28:02 | 000,339,968 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll MOD - [2007.08.24 17:38:08 | 000,077,312 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\unacev2.dll MOD - [2006.10.26 22:30:12 | 000,131,072 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll MOD - [2005.07.20 04:53:04 | 000,966,765 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\acAuth.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.05.30 16:15:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv) SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2008.03.26 15:34:45 | 000,147,201 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.03.07 12:00:05 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008.04.14 03:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio) DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs) DRV - [2008.03.04 13:28:49 | 000,079,424 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2008.02.18 17:07:53 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.05.21 09:29:26 | 000,235,648 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2007.02.27 15:24:55 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2001.08.18 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2001.08.18 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2001.08.18 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload) DRV - [2001.08.17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.30 16:18:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.30 16:34:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.22 12:42:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.12.22 11:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions [2010.12.22 11:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.23 16:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\extensions [2012.02.02 12:08:55 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\doTuoUOTUjlgjGJDG [2012.02.02 12:08:55 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\duTUoTgjUglxjDJLxvpfn [2012.02.02 12:08:55 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\jQQddaaAAOOxxDlnnJJV [2012.02.02 12:08:55 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\tnpNqVNesysuotu [2012.02.02 12:08:55 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\XxjDJLGJpfnpNqVNesy [2012.05.30 16:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP) O4 - HKLM..\Run: [ISW] "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [04FE9CEF] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol\8378A3F104FE9CEFA3D0.exe File not found O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK USB Wireless LAN Utility.lnk = C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.) O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\Lorenzo\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47DDCEC0-D548-4613-80BE-FC989B599B06}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.03.28 04:46:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3d1dc533-a29f-11dd-acf7-00400c028909}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell - "" = AutoRun O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.01 16:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2012.06.01 16:33:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.05.30 16:28:29 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2012.05.30 16:26:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.30 16:18:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.05.30 16:18:22 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.05.23 17:50:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.05.23 17:49:55 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe [2012.05.23 14:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\PCHealth [2012.05.23 14:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes [2012.05.22 14:31:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.05.22 14:31:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.05.22 14:31:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.05.22 14:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.21 17:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol [2012.05.21 17:06:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.01 16:34:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.01 16:34:39 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys [2012.06.01 16:30:40 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2012.06.01 16:24:44 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.30 17:22:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.05.30 16:34:02 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.05.30 16:18:25 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.05.23 17:50:16 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe [2012.05.23 14:33:40 | 000,000,522 | ---- | M] () -- C:\hpfr3320.xml [2012.05.22 14:31:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 16:55:00 | 000,114,176 | ---- | M] () -- C:\GgDtAevoxuTVEXg [2012.05.21 16:55:00 | 000,000,521 | ---- | M] () -- C:\GoXgydreGqDuns [2012.05.18 15:10:34 | 005,811,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\gsGXanErOVUlsjqvu [2012.05.15 17:38:56 | 005,704,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\QqxQlsopuLUrafqDN [2012.05.12 12:57:29 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323 [2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012.05.11 19:08:17 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.05.11 19:08:17 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.11 19:08:17 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.11 19:08:17 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.05.11 19:02:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.05.07 11:31:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.01 16:30:40 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2012.05.30 16:34:02 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.05.30 16:34:01 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2012.05.30 16:15:41 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.05.23 14:33:39 | 000,000,522 | ---- | C] () -- C:\hpfr3320.xml [2012.05.22 14:31:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012.02.19 11:39:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.28 12:31:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.05.07 14:33:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI ========== LOP Check ========== [2009.07.07 18:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2008.04.26 14:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2012.06.01 16:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint [2012.05.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol [2008.11.03 17:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org [2010.12.22 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird [2011.02.10 12:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Watchtower [2011.09.09 17:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lorenzo\Anwendungsdaten\CheckPoint [2011.10.23 19:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lorenzo\Anwendungsdaten\OpenOffice.org ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.04.30 13:48:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe [2012.06.01 16:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint [2008.04.09 15:51:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help [2008.03.28 04:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities [2008.04.15 13:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield [2012.05.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol [2009.01.13 18:00:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia [2012.05.23 14:43:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes [2012.05.21 17:11:26 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft [2009.07.28 06:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla [2009.09.07 19:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\MSN6 [2008.11.03 17:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org [2008.11.03 17:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun [2008.10.25 16:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Talkback [2010.12.22 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird [2011.02.10 12:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Watchtower < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2003.01.01 03:16:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2003.01.01 03:16:15 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2003.01.01 03:16:15 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Was nun, kann ich die Dateien entschlüsseln? Wie genau? Fragen über Fragen...ich DANKE nochmal vielmals im Voraus!!! :-) |
02.06.2012, 15:52 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner - nix geht mehr! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 [2012.02.02 12:08:55 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\doTuoUOTUjlgjGJDG [2012.02.02 12:08:55 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\duTUoTgjUglxjDJLxvpfn [2012.02.02 12:08:55 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\jQQddaaAAOOxxDlnnJJV [2012.02.02 12:08:55 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\tnpNqVNesysuotu [2012.02.02 12:08:55 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\XxjDJLGJpfnpNqVNesy O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [ISW] "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [04FE9CEF] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol\8378A3F104FE9CEFA3D0.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.03.28 04:46:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3d1dc533-a29f-11dd-acf7-00400c028909}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell - "" = AutoRun O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun\command - "" = E:\pushinst.exe :Files C:\WINDOWS\Internet Logs C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol C:\GgDtAevoxuTVEXg C:\GoXgydreGqDuns C:\WINDOWS\System32\winsh32? :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
02.06.2012, 19:36 | #11 |
| Verschlüsselungs-Trojaner - nix geht mehr! erledigt. Habe aber vergessen All Users anzuklicken, ist das schlimm? Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully. C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll moved successfully. HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\doTuoUOTUjlgjGJDG moved successfully. C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\duTUoTgjUglxjDJLxvpfn moved successfully. C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\jQQddaaAAOOxxDlnnJJV moved successfully. C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\tnpNqVNesysuotu moved successfully. C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\XxjDJLGJpfnpNqVNesy moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found. File C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found. File Sicherheit\prxtbZone.dll not found. Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}\ not found. File Sicherheit\prxtbZone.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\04FE9CEF deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d1dc533-a29f-11dd-acf7-00400c028909}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d1dc533-a29f-11dd-acf7-00400c028909}\ not found. File E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found. File E:\pushinst.exe not found. ========== FILES ========== C:\WINDOWS\Internet Logs folder moved successfully. C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol folder moved successfully. C:\GgDtAevoxuTVEXg moved successfully. C:\GoXgydreGqDuns moved successfully. C:\WINDOWS\System32\winsh320 moved successfully. C:\WINDOWS\System32\winsh321 moved successfully. C:\WINDOWS\System32\winsh322 moved successfully. C:\WINDOWS\System32\winsh323 moved successfully. C:\WINDOWS\System32\winsh324 moved successfully. C:\WINDOWS\System32\winsh325 moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Besitzer ->Temp folder emptied: 207802097 bytes ->Temporary Internet Files folder emptied: 76447096 bytes ->Java cache emptied: 16 bytes ->FireFox cache emptied: 79811047 bytes ->Flash cache emptied: 45314 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 2204040 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Lorenzo ->Temp folder emptied: 130740055 bytes ->Temporary Internet Files folder emptied: 25395127 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 129700305 bytes ->Flash cache emptied: 2792 bytes User: NetworkService ->Temp folder emptied: 2132440 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1138908 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 19934648 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 644,00 mb [EMPTYFLASH] User: All Users User: Besitzer ->Flash cache emptied: 0 bytes User: Default User User: LocalService User: Lorenzo ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.44.0 log created on 06022012_202442 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
02.06.2012, 20:57 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner - nix geht mehr! Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
02.06.2012, 21:40 | #13 |
| Verschlüsselungs-Trojaner - nix geht mehr! So, hier das TDSS LOG: Code:
ATTFilter 22:34:51.0125 1236 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 22:34:51.0453 1236 ============================================================ 22:34:51.0453 1236 Current date / time: 2012/06/02 22:34:51.0453 22:34:51.0453 1236 SystemInfo: 22:34:51.0453 1236 22:34:51.0453 1236 OS Version: 5.1.2600 ServicePack: 3.0 22:34:51.0453 1236 Product type: Workstation 22:34:51.0453 1236 ComputerName: MANCINI-QQHXFDO 22:34:51.0453 1236 UserName: Besitzer 22:34:51.0453 1236 Windows directory: C:\WINDOWS 22:34:51.0453 1236 System windows directory: C:\WINDOWS 22:34:51.0453 1236 Processor architecture: Intel x86 22:34:51.0453 1236 Number of processors: 1 22:34:51.0453 1236 Page size: 0x1000 22:34:51.0453 1236 Boot type: Normal boot 22:34:51.0453 1236 ============================================================ 22:34:53.0718 1236 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 22:34:53.0718 1236 Drive \Device\Harddisk1\DR2 - Size: 0x1E880000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:34:53.0734 1236 ============================================================ 22:34:53.0734 1236 \Device\Harddisk0\DR0: 22:34:53.0734 1236 MBR partitions: 22:34:53.0734 1236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1 22:34:53.0734 1236 \Device\Harddisk1\DR2: 22:34:53.0734 1236 MBR partitions: 22:34:53.0734 1236 ============================================================ 22:34:54.0000 1236 C: <-> \Device\Harddisk0\DR0\Partition0 22:34:54.0062 1236 ============================================================ 22:34:54.0062 1236 Initialize success 22:34:54.0062 1236 ============================================================ 22:35:17.0484 2084 ============================================================ 22:35:17.0484 2084 Scan started 22:35:17.0484 2084 Mode: Manual; SigCheck; TDLFS; 22:35:17.0484 2084 ============================================================ 22:35:17.0781 2084 Abiosdsk - ok 22:35:17.0812 2084 abp480n5 - ok 22:35:17.0906 2084 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 22:35:18.0859 2084 ACPI - ok 22:35:18.0906 2084 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 22:35:19.0171 2084 ACPIEC - ok 22:35:19.0343 2084 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 22:35:19.0406 2084 AdobeFlashPlayerUpdateSvc - ok 22:35:19.0421 2084 adpu160m - ok 22:35:19.0484 2084 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys 22:35:19.0531 2084 AegisP ( UnsignedFile.Multi.Generic ) - warning 22:35:19.0531 2084 AegisP - detected UnsignedFile.Multi.Generic (1) 22:35:19.0625 2084 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 22:35:19.0671 2084 AFD - ok 22:35:19.0687 2084 Aha154x - ok 22:35:19.0718 2084 aic78u2 - ok 22:35:19.0750 2084 aic78xx - ok 22:35:19.0812 2084 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 22:35:20.0031 2084 Alerter - ok 22:35:20.0078 2084 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 22:35:20.0281 2084 ALG - ok 22:35:20.0296 2084 AliIde - ok 22:35:20.0375 2084 AmdK7 (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys 22:35:20.0562 2084 AmdK7 - ok 22:35:20.0609 2084 amsint - ok 22:35:20.0812 2084 AntiVirScheduler (1c51917c9b30530a781f438f6a4ac49f) C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe 22:35:20.0828 2084 AntiVirScheduler ( UnsignedFile.Multi.Generic ) - warning 22:35:20.0828 2084 AntiVirScheduler - detected UnsignedFile.Multi.Generic (1) 22:35:20.0921 2084 AntiVirService (980825559f7c70b565add5f5c71cfe8f) C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe 22:35:20.0953 2084 AntiVirService ( UnsignedFile.Multi.Generic ) - warning 22:35:20.0953 2084 AntiVirService - detected UnsignedFile.Multi.Generic (1) 22:35:20.0984 2084 AppMgmt - ok 22:35:21.0015 2084 asc - ok 22:35:21.0046 2084 asc3350p - ok 22:35:21.0093 2084 asc3550 - ok 22:35:21.0312 2084 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 22:35:21.0421 2084 aspnet_state - ok 22:35:21.0468 2084 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 22:35:21.0687 2084 AsyncMac - ok 22:35:21.0750 2084 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 22:35:21.0921 2084 atapi - ok 22:35:21.0953 2084 Atdisk - ok 22:35:22.0000 2084 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 22:35:22.0187 2084 Atmarpc - ok 22:35:22.0250 2084 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 22:35:22.0421 2084 AudioSrv - ok 22:35:22.0500 2084 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 22:35:22.0718 2084 audstub - ok 22:35:22.0750 2084 avgio (71a751d7f8b0219bcf827596fc5af318) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys 22:35:22.0750 2084 avgio - ok 22:35:22.0843 2084 avgntflt (37f8550dcd2bb6a3c0d38b48559f0380) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 22:35:22.0843 2084 avgntflt - ok 22:35:22.0937 2084 avipbb (f41752812e23bdbdcafec310c38ab3fa) C:\WINDOWS\system32\DRIVERS\avipbb.sys 22:35:22.0937 2084 avipbb - ok 22:35:23.0046 2084 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 22:35:23.0281 2084 Beep - ok 22:35:23.0390 2084 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 22:35:23.0765 2084 BITS - ok 22:35:23.0843 2084 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 22:35:24.0015 2084 Browser - ok 22:35:24.0046 2084 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 22:35:24.0296 2084 cbidf2k - ok 22:35:24.0312 2084 cd20xrnt - ok 22:35:24.0390 2084 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 22:35:24.0640 2084 Cdaudio - ok 22:35:24.0718 2084 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 22:35:24.0890 2084 Cdfs - ok 22:35:24.0937 2084 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 22:35:25.0109 2084 Cdrom - ok 22:35:25.0140 2084 Changer - ok 22:35:25.0203 2084 cisvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\System32\cisvc.exe 22:35:25.0390 2084 cisvc - ok 22:35:25.0437 2084 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 22:35:25.0609 2084 ClipSrv - ok 22:35:25.0703 2084 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:35:25.0812 2084 clr_optimization_v2.0.50727_32 - ok 22:35:25.0828 2084 CmdIde - ok 22:35:25.0859 2084 COMSysApp - ok 22:35:25.0906 2084 Cpqarray - ok 22:35:25.0984 2084 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 22:35:26.0156 2084 CryptSvc - ok 22:35:26.0171 2084 dac2w2k - ok 22:35:26.0203 2084 dac960nt - ok 22:35:26.0296 2084 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 22:35:26.0390 2084 DcomLaunch - ok 22:35:26.0484 2084 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 22:35:26.0687 2084 Dhcp - ok 22:35:26.0734 2084 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 22:35:26.0906 2084 Disk - ok 22:35:26.0937 2084 dmadmin - ok 22:35:27.0046 2084 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 22:35:27.0312 2084 dmboot - ok 22:35:27.0375 2084 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 22:35:27.0562 2084 dmio - ok 22:35:27.0640 2084 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 22:35:27.0890 2084 dmload - ok 22:35:27.0937 2084 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 22:35:28.0125 2084 dmserver - ok 22:35:28.0203 2084 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 22:35:28.0296 2084 Dnscache - ok 22:35:28.0375 2084 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 22:35:28.0562 2084 Dot3svc - ok 22:35:28.0593 2084 dpti2o - ok 22:35:28.0640 2084 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 22:35:28.0796 2084 EapHost - ok 22:35:28.0875 2084 EAPPkt (d82414ec520453efe2eba936f6a9115a) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys 22:35:28.0906 2084 EAPPkt ( UnsignedFile.Multi.Generic ) - warning 22:35:28.0906 2084 EAPPkt - detected UnsignedFile.Multi.Generic (1) 22:35:28.0968 2084 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 22:35:29.0140 2084 ERSvc - ok 22:35:29.0234 2084 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 22:35:29.0265 2084 Eventlog - ok 22:35:29.0375 2084 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll 22:35:29.0468 2084 EventSystem - ok 22:35:29.0546 2084 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 22:35:29.0718 2084 Fastfat - ok 22:35:29.0796 2084 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 22:35:29.0828 2084 FastUserSwitchingCompatibility - ok 22:35:29.0859 2084 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 22:35:30.0031 2084 Fdc - ok 22:35:30.0093 2084 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 22:35:30.0296 2084 FETNDIS - ok 22:35:30.0343 2084 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 22:35:30.0515 2084 Fips - ok 22:35:30.0578 2084 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 22:35:30.0765 2084 Flpydisk - ok 22:35:30.0796 2084 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 22:35:30.0968 2084 FltMgr - ok 22:35:31.0125 2084 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 22:35:31.0250 2084 FontCache3.0.0.0 - ok 22:35:31.0328 2084 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:35:31.0546 2084 Fs_Rec - ok 22:35:31.0593 2084 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 22:35:31.0828 2084 Ftdisk - ok 22:35:31.0906 2084 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 22:35:32.0062 2084 Gpc - ok 22:35:32.0312 2084 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 22:35:32.0484 2084 helpsvc - ok 22:35:32.0578 2084 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll 22:35:32.0734 2084 HidServ - ok 22:35:32.0765 2084 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 22:35:32.0937 2084 hidusb - ok 22:35:33.0000 2084 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 22:35:33.0156 2084 hkmsvc - ok 22:35:33.0187 2084 hpn - ok 22:35:33.0203 2084 hpt3xx - ok 22:35:33.0296 2084 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 22:35:33.0328 2084 HTTP - ok 22:35:33.0406 2084 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 22:35:33.0578 2084 HTTPFilter - ok 22:35:33.0609 2084 i2omgmt - ok 22:35:33.0640 2084 i2omp - ok 22:35:33.0734 2084 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 22:35:33.0890 2084 i8042prt - ok 22:35:34.0093 2084 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:35:34.0343 2084 idsvc - ok 22:35:34.0406 2084 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 22:35:34.0593 2084 Imapi - ok 22:35:34.0703 2084 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe 22:35:34.0859 2084 ImapiService - ok 22:35:34.0906 2084 ini910u - ok 22:35:34.0968 2084 IntelIde - ok 22:35:35.0046 2084 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 22:35:35.0234 2084 ip6fw - ok 22:35:35.0281 2084 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:35:35.0531 2084 IpFilterDriver - ok 22:35:35.0578 2084 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 22:35:35.0765 2084 IpInIp - ok 22:35:35.0812 2084 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 22:35:35.0968 2084 IpNat - ok 22:35:36.0031 2084 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 22:35:36.0203 2084 IPSec - ok 22:35:36.0265 2084 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 22:35:36.0437 2084 IRENUM - ok 22:35:36.0468 2084 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 22:35:36.0640 2084 isapnp - ok 22:35:36.0890 2084 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe 22:35:36.0906 2084 JavaQuickStarterService - ok 22:35:36.0937 2084 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 22:35:37.0109 2084 Kbdclass - ok 22:35:37.0171 2084 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 22:35:37.0343 2084 kbdhid - ok 22:35:37.0421 2084 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 22:35:37.0515 2084 KSecDD - ok 22:35:37.0593 2084 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 22:35:37.0625 2084 lanmanserver - ok 22:35:37.0718 2084 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 22:35:37.0765 2084 lanmanworkstation - ok 22:35:37.0796 2084 lbrtfdc - ok 22:35:37.0906 2084 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 22:35:38.0078 2084 LmHosts - ok 22:35:38.0359 2084 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 22:35:38.0531 2084 Messenger - ok 22:35:38.0593 2084 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 22:35:38.0796 2084 mnmdd - ok 22:35:38.0890 2084 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe 22:35:39.0062 2084 mnmsrvc - ok 22:35:39.0140 2084 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 22:35:39.0328 2084 Modem - ok 22:35:39.0375 2084 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 22:35:39.0531 2084 Mouclass - ok 22:35:39.0781 2084 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 22:35:39.0984 2084 mouhid - ok 22:35:40.0031 2084 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 22:35:40.0171 2084 MountMgr - ok 22:35:40.0281 2084 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 22:35:40.0343 2084 MozillaMaintenance - ok 22:35:40.0359 2084 mraid35x - ok 22:35:40.0406 2084 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 22:35:40.0625 2084 MRxDAV - ok 22:35:40.0734 2084 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:35:40.0812 2084 MRxSmb - ok 22:35:40.0875 2084 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe 22:35:41.0046 2084 MSDTC - ok 22:35:41.0125 2084 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 22:35:41.0312 2084 Msfs - ok 22:35:41.0328 2084 MSIServer - ok 22:35:41.0375 2084 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 22:35:41.0500 2084 mssmbios - ok 22:35:41.0593 2084 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 22:35:41.0671 2084 Mup - ok 22:35:41.0765 2084 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 22:35:41.0953 2084 napagent - ok 22:35:42.0046 2084 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 22:35:42.0203 2084 NDIS - ok 22:35:42.0281 2084 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:35:42.0312 2084 NdisTapi - ok 22:35:42.0343 2084 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 22:35:42.0500 2084 Ndisuio - ok 22:35:42.0531 2084 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:35:42.0687 2084 NdisWan - ok 22:35:42.0765 2084 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 22:35:42.0859 2084 NDProxy - ok 22:35:42.0937 2084 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 22:35:43.0109 2084 NetBIOS - ok 22:35:43.0156 2084 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 22:35:43.0328 2084 NetBT - ok 22:35:43.0421 2084 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 22:35:43.0593 2084 NetDDE - ok 22:35:43.0625 2084 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 22:35:43.0781 2084 NetDDEdsdm - ok 22:35:43.0843 2084 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe 22:35:43.0984 2084 Netlogon - ok 22:35:44.0062 2084 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 22:35:44.0234 2084 Netman - ok 22:35:44.0421 2084 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:35:44.0453 2084 NetTcpPortSharing - ok 22:35:44.0562 2084 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 22:35:44.0593 2084 Nla - ok 22:35:44.0656 2084 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 22:35:44.0828 2084 Npfs - ok 22:35:44.0890 2084 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 22:35:45.0171 2084 Ntfs - ok 22:35:45.0187 2084 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe 22:35:45.0359 2084 NtLmSsp - ok 22:35:45.0468 2084 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 22:35:45.0781 2084 NtmsSvc - ok 22:35:45.0859 2084 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 22:35:46.0093 2084 Null - ok 22:35:46.0328 2084 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 22:35:46.0671 2084 nv - ok 22:35:46.0968 2084 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys 22:35:47.0281 2084 nv4 - ok 22:35:47.0343 2084 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 22:35:47.0625 2084 NwlnkFlt - ok 22:35:47.0656 2084 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 22:35:47.0906 2084 NwlnkFwd - ok 22:35:48.0015 2084 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 22:35:48.0171 2084 Parport - ok 22:35:48.0203 2084 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 22:35:48.0375 2084 PartMgr - ok 22:35:48.0437 2084 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 22:35:48.0671 2084 ParVdm - ok 22:35:48.0718 2084 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 22:35:48.0843 2084 PCI - ok 22:35:48.0890 2084 PCIDump - ok 22:35:48.0921 2084 PCIIde - ok 22:35:49.0031 2084 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 22:35:49.0187 2084 Pcmcia - ok 22:35:49.0218 2084 PDCOMP - ok 22:35:49.0250 2084 PDFRAME - ok 22:35:49.0281 2084 PDRELI - ok 22:35:49.0296 2084 PDRFRAME - ok 22:35:49.0328 2084 perc2 - ok 22:35:49.0375 2084 perc2hib - ok 22:35:49.0515 2084 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 22:35:49.0546 2084 PlugPlay - ok 22:35:49.0625 2084 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe 22:35:49.0765 2084 PolicyAgent - ok 22:35:49.0843 2084 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:35:50.0000 2084 PptpMiniport - ok 22:35:50.0046 2084 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 22:35:50.0234 2084 Processor - ok 22:35:50.0265 2084 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 22:35:50.0406 2084 ProtectedStorage - ok 22:35:50.0437 2084 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 22:35:50.0593 2084 PSched - ok 22:35:50.0671 2084 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:35:50.0906 2084 Ptilink - ok 22:35:50.0937 2084 ql1080 - ok 22:35:50.0968 2084 Ql10wnt - ok 22:35:50.0984 2084 ql12160 - ok 22:35:51.0015 2084 ql1240 - ok 22:35:51.0046 2084 ql1280 - ok 22:35:51.0093 2084 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:35:51.0328 2084 RasAcd - ok 22:35:51.0421 2084 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 22:35:51.0562 2084 RasAuto - ok 22:35:51.0593 2084 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:35:51.0765 2084 Rasl2tp - ok 22:35:51.0859 2084 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 22:35:52.0031 2084 RasMan - ok 22:35:52.0078 2084 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:35:52.0234 2084 RasPppoe - ok 22:35:52.0265 2084 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 22:35:52.0500 2084 Raspti - ok 22:35:52.0546 2084 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:35:52.0718 2084 Rdbss - ok 22:35:52.0750 2084 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:35:52.0984 2084 RDPCDD - ok 22:35:53.0078 2084 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 22:35:53.0109 2084 RDPWD - ok 22:35:53.0218 2084 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 22:35:53.0359 2084 RDSessMgr - ok 22:35:53.0421 2084 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 22:35:53.0578 2084 redbook - ok 22:35:53.0625 2084 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 22:35:53.0796 2084 RemoteAccess - ok 22:35:53.0859 2084 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe 22:35:54.0031 2084 RpcLocator - ok 22:35:54.0140 2084 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 22:35:54.0187 2084 RpcSs - ok 22:35:54.0265 2084 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe 22:35:54.0484 2084 RSVP - ok 22:35:54.0593 2084 RTLWUSB (0b3b199ab00cfa82747d0892c027c077) C:\WINDOWS\system32\DRIVERS\RTL8187.sys 22:35:54.0687 2084 RTLWUSB - ok 22:35:54.0750 2084 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 22:35:54.0875 2084 SamSs - ok 22:35:54.0953 2084 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 22:35:55.0140 2084 SCardSvr - ok 22:35:55.0234 2084 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 22:35:55.0390 2084 Schedule - ok 22:35:55.0468 2084 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:35:55.0609 2084 Secdrv - ok 22:35:55.0671 2084 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 22:35:55.0843 2084 seclogon - ok 22:35:55.0875 2084 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 22:35:56.0031 2084 SENS - ok 22:35:56.0093 2084 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 22:35:56.0250 2084 serenum - ok 22:35:56.0281 2084 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 22:35:56.0421 2084 Serial - ok 22:35:56.0531 2084 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 22:35:56.0687 2084 Sfloppy - ok 22:35:56.0796 2084 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 22:35:57.0125 2084 SharedAccess - ok 22:35:57.0218 2084 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 22:35:57.0250 2084 ShellHWDetection - ok 22:35:57.0265 2084 Simbad - ok 22:35:57.0296 2084 Sparrow - ok 22:35:57.0390 2084 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 22:35:57.0468 2084 Spooler - ok 22:35:57.0515 2084 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 22:35:57.0671 2084 sr - ok 22:35:57.0750 2084 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll 22:35:57.0921 2084 srservice - ok 22:35:58.0046 2084 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 22:35:58.0218 2084 Srv - ok 22:35:58.0296 2084 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 22:35:58.0453 2084 SSDPSRV - ok 22:35:58.0531 2084 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 22:35:58.0546 2084 ssmdrv ( UnsignedFile.Multi.Generic ) - warning 22:35:58.0546 2084 ssmdrv - detected UnsignedFile.Multi.Generic (1) 22:35:58.0640 2084 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 22:35:58.0890 2084 stisvc - ok 22:35:58.0968 2084 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 22:35:59.0125 2084 swenum - ok 22:35:59.0140 2084 SwPrv - ok 22:35:59.0187 2084 symc810 - ok 22:35:59.0203 2084 symc8xx - ok 22:35:59.0234 2084 sym_hi - ok 22:35:59.0265 2084 sym_u3 - ok 22:35:59.0375 2084 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 22:35:59.0515 2084 SysmonLog - ok 22:35:59.0609 2084 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 22:35:59.0781 2084 TapiSrv - ok 22:35:59.0906 2084 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:36:00.0031 2084 Tcpip - ok 22:36:00.0109 2084 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 22:36:00.0265 2084 TDPIPE - ok 22:36:00.0312 2084 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 22:36:00.0468 2084 TDTCP - ok 22:36:00.0484 2084 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 22:36:00.0625 2084 TermDD - ok 22:36:00.0703 2084 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 22:36:00.0906 2084 TermService - ok 22:36:01.0031 2084 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 22:36:01.0046 2084 Themes - ok 22:36:01.0078 2084 TosIde - ok 22:36:01.0406 2084 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 22:36:01.0546 2084 TrkWks - ok 22:36:01.0671 2084 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys 22:36:01.0828 2084 uagp35 - ok 22:36:01.0937 2084 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 22:36:02.0078 2084 Udfs - ok 22:36:02.0109 2084 ultra - ok 22:36:02.0203 2084 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 22:36:02.0390 2084 Update - ok 22:36:02.0468 2084 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 22:36:02.0640 2084 upnphost - ok 22:36:02.0671 2084 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 22:36:02.0828 2084 UPS - ok 22:36:02.0906 2084 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:36:03.0062 2084 usbccgp - ok 22:36:03.0109 2084 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:36:03.0265 2084 usbhub - ok 22:36:03.0343 2084 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 22:36:03.0500 2084 usbprint - ok 22:36:03.0578 2084 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:36:03.0734 2084 usbscan - ok 22:36:03.0812 2084 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:36:03.0968 2084 USBSTOR - ok 22:36:04.0015 2084 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:36:04.0156 2084 usbuhci - ok 22:36:04.0187 2084 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 22:36:04.0328 2084 VgaSave - ok 22:36:04.0359 2084 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 22:36:04.0515 2084 ViaIde - ok 22:36:04.0546 2084 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 22:36:04.0703 2084 VolSnap - ok 22:36:04.0796 2084 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 22:36:04.0953 2084 VSS - ok 22:36:05.0000 2084 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll 22:36:05.0140 2084 W32Time - ok 22:36:05.0234 2084 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:36:05.0406 2084 Wanarp - ok 22:36:05.0421 2084 WDICA - ok 22:36:05.0515 2084 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 22:36:05.0656 2084 WebClient - ok 22:36:06.0015 2084 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 22:36:06.0156 2084 winmgmt - ok 22:36:06.0281 2084 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll 22:36:06.0437 2084 WmdmPmSN - ok 22:36:06.0546 2084 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe 22:36:06.0687 2084 WmiApSrv - ok 22:36:06.0765 2084 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 22:36:06.0921 2084 wscsvc - ok 22:36:06.0937 2084 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 22:36:07.0125 2084 wuauserv - ok 22:36:07.0218 2084 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 22:36:07.0421 2084 WZCSVC - ok 22:36:07.0500 2084 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 22:36:07.0640 2084 xmlprov - ok 22:36:07.0734 2084 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 22:36:08.0359 2084 \Device\Harddisk0\DR0 - ok 22:36:08.0421 2084 MBR (0x1B8) (7ca7e5712c1e22b4bc4171df4579ea07) \Device\Harddisk1\DR2 22:36:42.0578 2084 \Device\Harddisk1\DR2 - ok 22:36:42.0625 2084 Boot (0x1200) (28923f1eed9b1c1e8bc4d279573162c1) \Device\Harddisk0\DR0\Partition0 22:36:42.0625 2084 \Device\Harddisk0\DR0\Partition0 - ok 22:36:42.0640 2084 ============================================================ 22:36:42.0640 2084 Scan finished 22:36:42.0640 2084 ============================================================ 22:36:42.0781 2076 Detected object count: 5 22:36:42.0781 2076 Actual detected object count: 5 22:37:10.0468 2076 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 22:37:10.0468 2076 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:37:10.0468 2076 AntiVirScheduler ( UnsignedFile.Multi.Generic ) - skipped by user 22:37:10.0468 2076 AntiVirScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:37:10.0484 2076 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user 22:37:10.0484 2076 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:37:10.0484 2076 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user 22:37:10.0484 2076 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:37:10.0500 2076 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user 22:37:10.0500 2076 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip |
03.06.2012, 13:00 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner - nix geht mehr! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
03.06.2012, 19:55 | #15 |
| Verschlüsselungs-Trojaner - nix geht mehr! Anbei der ComboFix Log: Combofix Logfile: Code:
ATTFilter ComboFix 12-06-03.01 - Besitzer 03.06.2012 20:36:31.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.510.307 [GMT 2:00] ausgeführt von:: E:\ComboFix.exe AV: Avira AntiVir PersonalEdition *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\EventSystem.log c:\windows\system32\dllcache\dlimport.exe c:\windows\system32\dllcache\wmpvis.dll c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-03 bis 2012-06-03 )))))))))))))))))))))))))))))) . . 2012-06-03 18:29 . 2008-04-14 02:22 26624 ----a-w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2012-06-02 18:24 . 2012-06-02 18:24 -------- d-----w- C:\_OTL 2012-05-30 14:18 . 2012-05-30 14:18 -------- d-----w- c:\programme\Mozilla Maintenance Service 2012-05-30 14:18 . 2012-04-21 01:18 97208 ----a-w- c:\programme\Mozilla Firefox\components\browsercomps.dll 2012-05-30 14:18 . 2012-04-21 01:16 43960 ----a-w- c:\programme\Mozilla Firefox\mozglue.dll 2012-05-30 14:18 . 2012-04-21 01:16 157352 ----a-w- c:\programme\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-30 14:18 . 2012-04-21 01:16 129976 ----a-w- c:\programme\Mozilla Firefox\maintenanceservice.exe 2012-05-30 14:18 . 2012-04-21 01:16 588728 ----a-w- c:\programme\Mozilla Firefox\gkmedias.dll 2012-05-30 14:15 . 2012-05-30 14:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-23 15:50 . 2012-05-23 15:50 -------- d-----w- c:\programme\ESET 2012-05-23 12:45 . 2012-05-23 12:45 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\PCHealth 2012-05-23 12:43 . 2012-05-23 12:43 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Malwarebytes 2012-05-22 12:31 . 2012-05-22 12:31 -------- d-----w- c:\dokumente und einstellungen\Lorenzo\Anwendungsdaten\Malwarebytes 2012-05-22 12:31 . 2012-05-22 12:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-05-22 12:31 . 2012-05-22 12:31 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-05-22 12:31 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-22 10:48 . 2012-05-22 10:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2012-05-21 15:06 . 2012-05-21 15:06 -------- d--h--w- c:\windows\PIF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-30 14:15 . 2011-12-25 10:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:51 . 2001-08-18 04:28 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:51 . 2001-08-18 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:51 . 2001-08-18 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-21 01:18 . 2012-05-30 14:18 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll [7] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll . c:\windows\System32\ksuser.dll ... Fehlt !! . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Lorenzo\Startmenü\Programme\Autostart\ OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] . c:\dokumente und einstellungen\Besitzer\Startmenü\Programme\Autostart\ OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ REALTEK USB Wireless LAN Utility.lnk - c:\programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2008-4-15 794624] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 257696] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-05-21 235648] S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144] . . Inhalt des "geplante Tasks" Ordners . 2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:15] . . ------- Zusätzlicher Suchlauf ------- . FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-ZoneAlarm - c:\programme\Zone Labs\ZoneAlarm\zauninst.exe AddRemove-{F672B967-BC29-4C4D-A16A-C71C0B9DC656} - c:\programme\Watchtower\Watchtower Library 2011\I\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-03 20:45 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-06-03 20:50:44 ComboFix-quarantined-files.txt 2012-06-03 18:50 . Vor Suchlauf: 8 Verzeichnis(se), 27.904.708.608 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 28.145.242.112 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - EE5D31C6E761FB3AF10A4655B47695A7 |
Themen zu Verschlüsselungs-Trojaner - nix geht mehr! |
angeblich, anhang, anhang geöffnet, befallen, bildschirm, bruder, dauert, erscheint, euro, funktioniert, funktioniert nicht, funktioniert nicht mehr, gen, hallo zusammen, hoffe, infiziert, infizierte dateien, laufen, mail, modus, nicht mehr, sekunden, super, troja, trojaners, weiterhelfen, überzeugen, zahlen, zusammen |