100€ Windows Verschlüsselungs-Trojaner

cosinus · 04.06.2012, 09:51

Wie sieht dien Desktop nun aus? Wie dein Startmenü? Alles wie vorher? Fehlt was?

Quarks · 04.06.2012, 13:06

Desktop hat sich nichts geändert (Hintergrund immer noch Blau ),

"(schwach Gelb-versteckte Ordner glaub ich)
Uninstall Information, WindowsUpdate sind Leer" Die beiden sind wieder voll Gelb

Ob was fehlt weiß ich nicht, so wie das sehe wohl nicht

cosinus · 04.06.2012, 16:17

Zitat:

Desktop hat sich nichts geändert (Hintergrund immer noch Blau ),

Ich glaube das Hintergrundbild wirst du noch selber ändern können

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Quarks · 04.06.2012, 16:56

OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.06.2012 17:42:08 - Run 1
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Dokumente und Einstellungen\xxx xxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,78% Memory free
3,85 Gb Paging File | 3,42 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 266,73 Gb Free Space | 89,48% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 82,12 Gb Free Space | 17,63% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 25,68 Gb Free Space | 5,51% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-MJFGDCTM | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.04 17:39:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx xxx\desktop\OTL.exe
PRC - [2012.05.11 03:14:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.11 03:14:14 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 03:14:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.11 03:14:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.25 09:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.11.01 11:31:12 | 000,811,008 | ---- | M] (T-Systems International GmbH) -- C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
PRC - [2005.11.01 11:30:46 | 000,172,032 | ---- | M] (T-Systems International GmbH) -- C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.11 03:14:17 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2005.11.01 11:30:56 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spacklsp.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.11 03:14:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.11 03:14:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 17:11:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.06.10 13:22:25 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2011.05.25 09:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.07.25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.24 15:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 04:22:31 | 000,186,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008.04.14 04:22:30 | 000,071,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006.11.23 16:45:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005.11.01 11:30:46 | 000,172,032 | ---- | M] (T-Systems International GmbH) [On_Demand | Running] -- C:\Programme\T-Online\DSL-Manager\TODslSvc.exe -- (TODslService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.05.11 03:14:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.11 03:14:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.05 06:16:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008.07.16 12:52:00 | 004,747,776 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 03:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.04.02 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003.04.02 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003.04.02 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1060284298-842925246-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://reloaded.pennergame.de/
IE - HKU\S-1-5-21-1060284298-842925246-725345543-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1060284298-842925246-725345543-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-21-1060284298-842925246-725345543-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1060284298-842925246-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deDE435
IE - HKU\S-1-5-21-1060284298-842925246-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1060284298-842925246-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://reloaded.pennergame.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.02 14:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.14 11:16:21 | 000,000,000 | ---D | M]
 
[2011.07.08 16:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Mozilla\Extensions
[2012.06.01 18:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Mozilla\Firefox\Profiles\wkg1xkrf.default\extensions
[2012.06.01 17:35:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Mozilla\Firefox\Profiles\wkg1xkrf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.15 02:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.01 18:07:14 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SVEN PEINL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\WKG1XKRF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.06.08 03:47:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.06.02 14:41:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.18 19:02:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.02 14:41:51 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.03 21:10:54 | 000,002,288 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.06.02 14:41:51 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.02 14:41:51 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.02 14:41:51 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.02 14:41:51 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.02 14:41:51 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.01 03:07:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1060284298-842925246-725345543-1004\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [T-Online DSL-Manager] C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (T-Systems International GmbH)
O4 - HKU\S-1-5-21-1060284298-842925246-725345543-1004..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1060284298-842925246-725345543-1004..\Run: [6CA077EF] C:\WINDOWS\system32\485380036CA077EF9C2B.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\Sven Peinl\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-842925246-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-842925246-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\spacklsp.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307472592611 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1323484428640 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F9AE670-CC3B-48B6-BB33-2EB7BD316D58} hxxp://download.greentube.com/magic/games/sc12/webplayer/plugin/0.9.8/greenwebplayerxp.0.9.8.cab (WebPlayerCtrl Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DF2F1634-A3AA-4E1B-9945-13F2BC455C0C} hxxp://at.sc12.greentube.com/xsl_gamebase/_magic/game_loader/ActiveXInstaller1.2.cab (InstallerCtrl Class)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.07 17:45:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\Shell - "" = AutoRun
O33 - MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WSearch"
MsConfig - Services: "gusvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: CheckDriveBackgroundGuard - hkey= - key= - C:\Programme\CheckDrive\CheckDriveBackgroundGuard.exe (Abelssoft)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: uTorrent - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
 
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.04 17:39:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\OTL.exe
[2012.06.04 01:20:13 | 000,991,232 | ---- | C] (Viscom Software ) -- C:\WINDOWS\System32\imageviewer2.ocx
[2012.06.04 01:20:13 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\threed32.ocx
[2012.06.04 01:20:13 | 000,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\WINDOWS\System32\ccrpfd6.ocx
[2012.06.04 01:20:13 | 000,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpbds6.dll
[2012.06.04 01:20:13 | 000,106,496 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\System32\mbprgbar.ocx
[2012.06.04 01:20:13 | 000,000,000 | ---D | C] -- C:\Programme\PIXresizer
[2012.06.04 01:20:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PIXresizer
[2012.06.03 19:40:35 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\unhide.exe
[2012.06.03 00:16:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\Spartacus.Gods.of.the.Arena
[2012.06.02 04:27:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\Safe.Todsicher.R5.MD.German.XViD-CIS
[2012.06.02 04:00:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\Men.in.Black.3.TS.LD.German.XViD-AOE
[2012.06.01 19:29:49 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.01 08:38:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\Highway.Hoes.2.XXX.DVDRip.XviD-STARLETS
[2012.06.01 07:20:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.01 07:20:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.01 07:20:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.01 07:19:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.01 03:07:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.30 03:05:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\Iron.Sky.DVDRip.Line.Dubbed.German.XviD-VCF
[2012.05.26 20:10:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2012.05.26 00:09:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\Gametwist
[2012.05.17 19:56:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\FESTPLATTEN - toolsd
[2012.05.17 13:39:38 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.05.17 13:39:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.05.16 00:39:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Lokale Einstellungen\Anwendungsdaten\Abelssoft
[2012.05.16 00:39:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CheckDrive
[2012.05.16 00:39:27 | 000,000,000 | ---D | C] -- C:\Programme\CheckDrive
[2012.05.15 23:01:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\HD Tune Pro
[2012.05.15 23:01:28 | 000,000,000 | ---D | C] -- C:\Programme\HD Tune Pro
[2012.05.15 23:01:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HD Tune Pro
[2012.05.15 22:42:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Seagate
[2012.05.15 21:59:34 | 000,000,000 | ---D | C] -- C:\Programme\Seagate
[2012.05.15 02:25:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
[2012.05.15 02:25:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA
[2012.05.15 02:25:10 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012.05.15 02:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012.05.13 20:36:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Startmenü\Programme\WinRAR
[2012.05.13 20:36:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinRAR
[2012.05.13 16:31:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SmartPCFixer
[2012.05.13 16:31:39 | 000,000,000 | ---D | C] -- C:\Programme\SmartPCFixer
[2012.05.11 03:27:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Peinl\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.05.11 03:05:03 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2012.05.11 02:54:30 | 000,000,000 | ---D | C] -- C:\9ddf4b9c0a4814dc6387a52080e0
[2012.05.11 02:48:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CDBurnerXP
[2012.05.11 02:48:43 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP(2)
[2011.11.30 17:26:41 | 085,215,144 | ---- | C] (Greentube GmbH) -- C:\Programme\DE-SkiChallenge12.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.04 17:39:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\OTL.exe
[2012.06.04 17:11:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.04 13:43:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.04 02:20:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.06.04 02:19:54 | 000,048,128 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.04 01:24:07 | 000,005,750 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\c2ed4431b73227cf019b7251fd82b896 (120 x 120).jpg
[2012.06.04 01:21:35 | 000,005,750 | ---- | M] () -- C:\Programme\c2ed4431b73227cf019b7251fd82b896 (120 x 120).jpg
[2012.06.04 01:20:13 | 000,000,718 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\PIXresizer.lnk
[2012.06.04 01:06:17 | 000,344,867 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\resize_2_7[1].zip
[2012.06.04 01:01:31 | 000,001,576 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\Ski Challenge 12 (DE) starten.lnk
[2012.06.04 00:59:49 | 000,011,630 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\c2ed4431b73227cf019b7251fd82b896.gif
[2012.06.03 22:35:42 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2012.06.03 22:28:46 | 000,009,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\UNHIDE.odt
[2012.06.03 19:40:36 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\unhide.exe
[2012.06.03 19:26:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.01 20:19:07 | 000,014,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\eset-scan.odt
[2012.06.01 20:18:08 | 000,000,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk
[2012.06.01 07:20:22 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.01 07:19:41 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.31 21:58:14 | 000,248,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\MovedFiles.7z
[2012.05.29 23:37:29 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alice 2.lnk
[2012.05.29 19:43:15 | 000,002,451 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft-Maus.lnk
[2012.05.25 17:15:24 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.05.23 12:08:03 | 000,163,177 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.05.23 03:04:36 | 000,583,788 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.23 03:04:36 | 000,553,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.23 03:04:36 | 000,123,274 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.23 03:04:36 | 000,101,532 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.21 21:46:04 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.05.21 21:46:04 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.05.19 16:20:41 | 000,219,061 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\ppeettttddddddxx
[2012.05.18 19:59:18 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.05.16 00:39:29 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\CheckDrive.lnk
[2012.05.16 00:39:01 | 014,007,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\TTTllDDDDppppppe
[2012.05.15 02:25:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012.05.14 22:09:57 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.05.11 03:35:54 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.11 03:21:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.05.11 03:14:17 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.05.11 03:14:17 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.05.10 17:53:50 | 000,190,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\nAoEqLjEqLjAoyn
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.04 01:24:07 | 000,005,750 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\c2ed4431b73227cf019b7251fd82b896 (120 x 120).jpg
[2012.06.04 01:21:35 | 000,005,750 | ---- | C] () -- C:\Programme\c2ed4431b73227cf019b7251fd82b896 (120 x 120).jpg
[2012.06.04 01:20:13 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\PIXresizer.lnk
[2012.06.04 01:06:16 | 000,344,867 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\resize_2_7[1].zip
[2012.06.04 01:00:09 | 000,011,630 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\c2ed4431b73227cf019b7251fd82b896.gif
[2012.06.03 22:28:46 | 000,009,519 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\UNHIDE.odt
[2012.06.01 20:19:06 | 000,014,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\eset-scan.odt
[2012.06.01 20:18:08 | 000,000,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk
[2012.06.01 07:20:22 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 21:58:13 | 000,248,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\MovedFiles.7z
[2012.05.29 23:37:29 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alice 2.lnk
[2012.05.23 02:57:04 | 000,158,263 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2012.05.16 00:39:29 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Desktop\CheckDrive.lnk
[2012.05.15 02:25:32 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.05.15 02:25:32 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.05.15 02:25:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.05.15 02:25:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012.05.15 02:25:10 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012.05.15 02:25:09 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.05.15 02:13:06 | 000,163,177 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2012.05.15 02:13:05 | 000,017,737 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012.05.14 22:09:57 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.05.14 22:09:57 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.02.16 11:48:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.08.22 15:47:41 | 000,160,096 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2011.08.22 15:47:41 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2011.07.21 17:52:49 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.06.10 13:21:51 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.06.10 13:21:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.06.10 13:21:47 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.06.10 13:21:47 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.06.10 13:21:46 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.06.09 01:42:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.06.08 02:22:25 | 000,048,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Peinl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.07 22:40:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.06.07 21:39:27 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\spacklsp.dll
[2011.06.07 21:01:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011.06.07 20:29:37 | 000,033,201 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011.06.07 20:25:36 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.06.07 20:21:59 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011.06.07 20:21:45 | 000,033,163 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.06.07 20:21:45 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.06.07 18:37:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.06.07 18:36:22 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.06.07 17:46:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.06.07 17:43:24 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2011.07.21 17:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.06.19 20:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.06.07 22:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager
[2011.06.07 21:40:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.05.26 20:31:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2011.12.19 03:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2011.12.19 19:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\1&1 Mail & Media GmbH
[2012.05.26 20:18:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Babylon
[2011.07.21 17:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Canneverbe Limited
[2011.11.09 20:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\ElevatedDiagnostics
[2012.05.05 02:03:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\FreeVideoConverter
[2012.05.26 20:18:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\HD Tune Pro
[2012.05.26 20:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\ICQ
[2012.05.26 20:18:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Nettalk
[2012.05.29 17:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\SimpleScreenshot
[2011.06.07 21:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\TuneUp Software
[2011.06.20 15:52:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Unity
[2011.11.16 13:02:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\UpdateStar Drivers
[2012.05.26 20:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\uTorrent
[2012.05.26 20:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Vso
[2012.05.25 17:15:24 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.19 19:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\1&1 Mail & Media GmbH
[2012.04.07 22:55:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Adobe
[2011.10.14 04:21:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Avira
[2012.05.26 20:18:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Babylon
[2011.07.21 17:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Canneverbe Limited
[2011.06.08 02:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\DivX
[2011.11.09 20:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\ElevatedDiagnostics
[2012.05.05 02:03:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\FreeVideoConverter
[2011.06.13 14:46:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Google
[2012.05.26 20:18:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\HD Tune Pro
[2011.09.28 20:10:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\HP
[2012.05.26 20:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\ICQ
[2011.06.07 17:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Identities
[2012.04.07 22:55:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Macromedia
[2011.06.07 21:45:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Malwarebytes
[2012.05.30 00:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Media Player Classic
[2012.03.01 14:08:39 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Microsoft
[2011.07.08 16:18:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Mozilla
[2011.06.08 03:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Nero
[2012.05.26 20:18:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Nettalk
[2012.06.04 13:48:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\OpenOffice.org2
[2012.05.29 17:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\SimpleScreenshot
[2011.06.07 21:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Sun
[2011.06.07 21:34:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\SUPERAntiSpyware.com
[2011.06.07 21:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\TuneUp Software
[2012.05.31 22:00:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\U3
[2011.06.20 15:52:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Unity
[2011.11.16 13:02:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\UpdateStar Drivers
[2012.05.26 20:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\uTorrent
[2012.05.26 20:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Vso
[2012.05.13 20:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.08 00:10:43 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2011.06.07 21:02:28 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.06.08 00:49:11 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.06.07 21:02:28 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2011.06.08 00:49:11 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2011.06.07 21:02:28 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.06.08 00:49:11 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.06.07 21:02:28 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2011.06.08 00:49:11 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 09:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.06.07 19:35:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.06.07 19:35:13 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.06.07 19:35:13 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---
[/code]

cosinus · 04.06.2012, 20:27

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..browser.startup.homepage: "http://reloaded.pennergame.de/"
FF - user.js - File not found
[2011.11.03 21:10:54 | 000,002,288 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1060284298-842925246-725345543-1004\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKU\S-1-5-21-1060284298-842925246-725345543-1004..\Run: [6CA077EF] C:\WINDOWS\system32\485380036CA077EF9C2B.exe File not found
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-842925246-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-842925246-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\spacklsp.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.07 17:45:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\Shell - "" = AutoRun
O33 - MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
MsConfig - Services: "WSearch"
MsConfig - Services: "gusvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk - Reg Error: Value error. - File not found
:Files
C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Babylon
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SmartPCFixer
C:\Programme\SmartPCFixer
C:\Dokumente und Einstellungen\Sven Peinl\Desktop\CheckDrive.lnk
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Quarks · 04.06.2012, 20:51

OTL-Fix

Code:

ATTFilter

 All processes killed
========== OTL ==========
Prefs.js: "hxxp://reloaded.pennergame.de/" removed from browser.startup.homepage
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
C:\Programme\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-842925246-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Programme\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-842925246-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\6CA077EF deleted successfully.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-842925246-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-842925246-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
C:\WINDOWS\system32\spacklsp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
File C:\WINDOWS\System32\spacklsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
File C:\WINDOWS\System32\spacklsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
File C:\WINDOWS\System32\spacklsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
File C:\WINDOWS\System32\spacklsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.
File C:\WINDOWS\System32\spacklsp.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e49a1b10-b928-11e0-98c4-00235421a965}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e49a1b10-b928-11e0-98c4-00235421a965}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e49a1b10-b928-11e0-98c4-00235421a965}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e49a1b10-b928-11e0-98c4-00235421a965}\ not found.
File G:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\WSearch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\gusvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk\ deleted successfully.
C:\WINDOWS\pss\Windows Search.lnkCommon Startup moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Babylon folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SmartPCFixer folder moved successfully.
C:\Programme\SmartPCFixer\update folder moved successfully.
C:\Programme\SmartPCFixer\regbackup folder moved successfully.
C:\Programme\SmartPCFixer folder moved successfully.
C:\Dokumente und Einstellungen\Sven Peinl\Desktop\CheckDrive.lnk moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8122305 bytes
->Flash cache emptied: 456 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: Sven Peinl
->Temp folder emptied: 47887771 bytes
->Temporary Internet Files folder emptied: 1999643467 bytes
->Java cache emptied: 136845 bytes
->FireFox cache emptied: 217168139 bytes
->Flash cache emptied: 3121822 bytes
 
User: UpdatusUser
 
User: UpdatusUser.PRIVAT-MJFGDCTM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1100080 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8657305 bytes
RecycleBin emptied: 3878250277 bytes
 
Total Files Cleaned = 5.879,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: LocalService
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
User: Sven Peinl
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
 
User: UpdatusUser.PRIVAT-MJFGDCTM
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
 
OTL by OldTimer - Version 3.2.46.0 log created on 06042012_214159

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Sven Peinl\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T3W0Y8YP\115843-100-windows-verschluesselungs-trojaner-2[1].html moved successfully.
C:\Dokumente und Einstellungen\Sven Peinl\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KBRT91OP\adsCAJ3MRHX.htm moved successfully.
C:\Dokumente und Einstellungen\Sven Peinl\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8CCCKINV\adsCAR632GC.htm moved successfully.
C:\Dokumente und Einstellungen\Sven Peinl\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3D3OM6EC\adsCAX2SORJ.htm moved successfully.

Registry entries deleted on Reboot...

cosinus · 04.06.2012, 21:33

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Quarks · 04.06.2012, 21:53

TDSS-Killer

Code:

ATTFilter

22:45:30.0328 2688	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:45:30.0562 2688	============================================================
22:45:30.0562 2688	Current date / time: 2012/06/04 22:45:30.0562
22:45:30.0562 2688	SystemInfo:
22:45:30.0562 2688	
22:45:30.0562 2688	OS Version: 5.1.2600 ServicePack: 3.0
22:45:30.0562 2688	Product type: Workstation
22:45:30.0562 2688	ComputerName: PRIVAT-MJFGDCTM
22:45:30.0562 2688	UserName: Sven Peinl
22:45:30.0562 2688	Windows directory: C:\WINDOWS
22:45:30.0562 2688	System windows directory: C:\WINDOWS
22:45:30.0562 2688	Processor architecture: Intel x86
22:45:30.0562 2688	Number of processors: 2
22:45:30.0562 2688	Page size: 0x1000
22:45:30.0562 2688	Boot type: Normal boot
22:45:30.0562 2688	============================================================
22:45:31.0828 2688	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:45:31.0843 2688	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:45:31.0843 2688	Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:45:31.0843 2688	============================================================
22:45:31.0843 2688	\Device\Harddisk0\DR0:
22:45:31.0843 2688	MBR partitions:
22:45:31.0843 2688	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
22:45:31.0843 2688	\Device\Harddisk1\DR1:
22:45:31.0843 2688	MBR partitions:
22:45:31.0843 2688	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
22:45:31.0843 2688	\Device\Harddisk2\DR2:
22:45:31.0843 2688	MBR partitions:
22:45:31.0843 2688	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
22:45:31.0843 2688	============================================================
22:45:31.0859 2688	D: <-> \Device\Harddisk1\DR1\Partition0
22:45:31.0859 2688	E: <-> \Device\Harddisk2\DR2\Partition0
22:45:31.0890 2688	C: <-> \Device\Harddisk0\DR0\Partition0
22:45:31.0890 2688	============================================================
22:45:31.0890 2688	Initialize success
22:45:31.0890 2688	============================================================
22:46:07.0062 3364	============================================================
22:46:07.0062 3364	Scan started
22:46:07.0062 3364	Mode: Manual; SigCheck; TDLFS; 
22:46:07.0062 3364	============================================================
22:46:07.0218 3364	Abiosdsk - ok
22:46:07.0218 3364	abp480n5 - ok
22:46:07.0250 3364	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:46:08.0765 3364	ACPI - ok
22:46:08.0781 3364	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:46:08.0875 3364	ACPIEC - ok
22:46:08.0968 3364	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:46:08.0968 3364	AdobeFlashPlayerUpdateSvc - ok
22:46:08.0984 3364	adpu160m - ok
22:46:09.0015 3364	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:46:09.0109 3364	aec - ok
22:46:09.0156 3364	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:46:09.0171 3364	AFD - ok
22:46:09.0171 3364	Aha154x - ok
22:46:09.0171 3364	aic78u2 - ok
22:46:09.0187 3364	aic78xx - ok
22:46:09.0203 3364	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
22:46:09.0296 3364	Alerter - ok
22:46:09.0312 3364	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
22:46:09.0343 3364	ALG - ok
22:46:09.0343 3364	AliIde - ok
22:46:09.0343 3364	amsint - ok
22:46:09.0453 3364	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
22:46:09.0453 3364	AntiVirSchedulerService - ok
22:46:09.0500 3364	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
22:46:09.0515 3364	AntiVirService - ok
22:46:09.0515 3364	AppMgmt - ok
22:46:09.0515 3364	asc - ok
22:46:09.0515 3364	asc3350p - ok
22:46:09.0515 3364	asc3550 - ok
22:46:09.0609 3364	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:46:09.0625 3364	aspnet_state - ok
22:46:09.0656 3364	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:46:09.0734 3364	AsyncMac - ok
22:46:09.0750 3364	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:46:09.0828 3364	atapi - ok
22:46:09.0828 3364	Atdisk - ok
22:46:09.0843 3364	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:46:09.0937 3364	Atmarpc - ok
22:46:09.0968 3364	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
22:46:10.0046 3364	AudioSrv - ok
22:46:10.0093 3364	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:46:10.0156 3364	audstub - ok
22:46:10.0187 3364	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:46:10.0203 3364	avgntflt - ok
22:46:10.0234 3364	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:46:10.0250 3364	avipbb - ok
22:46:10.0250 3364	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:46:10.0265 3364	avkmgr - ok
22:46:10.0296 3364	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:46:10.0375 3364	Beep - ok
22:46:10.0421 3364	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
22:46:10.0531 3364	BITS - ok
22:46:10.0562 3364	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
22:46:10.0656 3364	Browser - ok
22:46:10.0687 3364	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:46:10.0765 3364	cbidf2k - ok
22:46:10.0781 3364	cd20xrnt - ok
22:46:10.0812 3364	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:46:10.0890 3364	Cdaudio - ok
22:46:10.0937 3364	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:46:11.0015 3364	Cdfs - ok
22:46:11.0015 3364	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:46:11.0093 3364	Cdrom - ok
22:46:11.0093 3364	Changer - ok
22:46:11.0125 3364	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
22:46:11.0203 3364	CiSvc - ok
22:46:11.0218 3364	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
22:46:11.0312 3364	ClipSrv - ok
22:46:11.0359 3364	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:46:11.0359 3364	clr_optimization_v2.0.50727_32 - ok
22:46:11.0437 3364	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:46:11.0437 3364	clr_optimization_v4.0.30319_32 - ok
22:46:11.0437 3364	CmdIde - ok
22:46:11.0453 3364	COMSysApp - ok
22:46:11.0453 3364	Cpqarray - ok
22:46:11.0468 3364	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
22:46:11.0562 3364	CryptSvc - ok
22:46:11.0562 3364	dac2w2k - ok
22:46:11.0562 3364	dac960nt - ok
22:46:11.0609 3364	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
22:46:11.0640 3364	DcomLaunch - ok
22:46:11.0671 3364	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
22:46:11.0750 3364	Dhcp - ok
22:46:11.0781 3364	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:46:11.0859 3364	Disk - ok
22:46:11.0859 3364	dmadmin - ok
22:46:11.0890 3364	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:46:12.0000 3364	dmboot - ok
22:46:12.0015 3364	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:46:12.0109 3364	dmio - ok
22:46:12.0125 3364	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:46:12.0187 3364	dmload - ok
22:46:12.0203 3364	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
22:46:12.0296 3364	dmserver - ok
22:46:12.0312 3364	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:46:12.0375 3364	DMusic - ok
22:46:12.0406 3364	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
22:46:12.0468 3364	Dnscache - ok
22:46:12.0500 3364	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
22:46:12.0609 3364	Dot3svc - ok
22:46:12.0609 3364	dpti2o - ok
22:46:12.0640 3364	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:46:12.0718 3364	drmkaud - ok
22:46:12.0734 3364	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
22:46:12.0812 3364	EapHost - ok
22:46:12.0828 3364	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
22:46:12.0890 3364	ERSvc - ok
22:46:12.0921 3364	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
22:46:12.0937 3364	Eventlog - ok
22:46:13.0000 3364	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
22:46:13.0015 3364	EventSystem - ok
22:46:13.0031 3364	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:46:13.0109 3364	Fastfat - ok
22:46:13.0140 3364	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:46:13.0187 3364	FastUserSwitchingCompatibility - ok
22:46:13.0218 3364	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:46:13.0281 3364	Fdc - ok
22:46:13.0312 3364	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:46:13.0390 3364	Fips - ok
22:46:13.0421 3364	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:46:13.0484 3364	Flpydisk - ok
22:46:13.0531 3364	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:46:13.0609 3364	FltMgr - ok
22:46:13.0703 3364	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:46:13.0703 3364	FontCache3.0.0.0 - ok
22:46:13.0734 3364	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:46:13.0812 3364	Fs_Rec - ok
22:46:13.0828 3364	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:46:13.0890 3364	Ftdisk - ok
22:46:13.0937 3364	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:46:14.0015 3364	Gpc - ok
22:46:14.0140 3364	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
22:46:14.0140 3364	gupdate - ok
22:46:14.0187 3364	HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:46:14.0187 3364	HDAudBus ( UnsignedFile.Multi.Generic ) - warning
22:46:14.0187 3364	HDAudBus - detected UnsignedFile.Multi.Generic (1)
22:46:14.0265 3364	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:46:14.0328 3364	helpsvc - ok
22:46:14.0343 3364	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
22:46:14.0437 3364	HidServ - ok
22:46:14.0468 3364	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:46:14.0531 3364	hidusb - ok
22:46:14.0562 3364	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
22:46:14.0625 3364	hkmsvc - ok
22:46:14.0625 3364	hpn - ok
22:46:14.0703 3364	hpqcxs08        (38d6b51f04def7fb248fa56e4c47407e) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
22:46:14.0703 3364	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:46:14.0703 3364	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:46:14.0718 3364	hpqddsvc        (3ee4a63539ec04ee2d4bd293985087ab) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
22:46:14.0734 3364	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:46:14.0734 3364	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:46:14.0765 3364	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:46:14.0859 3364	HPZid412 - ok
22:46:14.0875 3364	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:46:14.0906 3364	HPZipr12 - ok
22:46:14.0921 3364	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:46:14.0937 3364	HPZius12 - ok
22:46:14.0968 3364	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:46:15.0015 3364	HTTP - ok
22:46:15.0031 3364	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
22:46:15.0109 3364	HTTPFilter - ok
22:46:15.0109 3364	i2omgmt - ok
22:46:15.0109 3364	i2omp - ok
22:46:15.0140 3364	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:46:15.0203 3364	i8042prt - ok
22:46:15.0265 3364	ICQ Service     (7a95a3ad931b97fec5067e40636ce37f) C:\Programme\ICQ6Toolbar\ICQ Service.exe
22:46:15.0281 3364	ICQ Service - ok
22:46:15.0390 3364	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:46:15.0421 3364	idsvc - ok
22:46:15.0453 3364	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:46:15.0515 3364	Imapi - ok
22:46:15.0546 3364	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe
22:46:15.0625 3364	ImapiService - ok
22:46:15.0625 3364	ini910u - ok
22:46:15.0765 3364	IntcAzAudAddService (47c79f7e330cbb829934d00f64d55fc9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:46:15.0890 3364	IntcAzAudAddService - ok
22:46:15.0953 3364	IntelIde - ok
22:46:15.0984 3364	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:46:16.0062 3364	intelppm - ok
22:46:16.0078 3364	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:46:16.0156 3364	ip6fw - ok
22:46:16.0203 3364	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:46:16.0265 3364	IpFilterDriver - ok
22:46:16.0281 3364	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:46:16.0359 3364	IpInIp - ok
22:46:16.0375 3364	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:46:16.0453 3364	IpNat - ok
22:46:16.0453 3364	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:46:16.0531 3364	IPSec - ok
22:46:16.0531 3364	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:46:16.0578 3364	IRENUM - ok
22:46:16.0593 3364	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:46:16.0656 3364	isapnp - ok
22:46:16.0781 3364	JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
22:46:16.0796 3364	JavaQuickStarterService - ok
22:46:16.0843 3364	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:46:16.0906 3364	Kbdclass - ok
22:46:16.0953 3364	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:46:17.0031 3364	kbdhid - ok
22:46:17.0031 3364	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:46:17.0109 3364	kmixer - ok
22:46:17.0156 3364	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:46:17.0218 3364	KSecDD - ok
22:46:17.0250 3364	L1e             (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
22:46:17.0265 3364	L1e - ok
22:46:17.0296 3364	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
22:46:17.0328 3364	lanmanserver - ok
22:46:17.0343 3364	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
22:46:17.0375 3364	lanmanworkstation - ok
22:46:17.0375 3364	lbrtfdc - ok
22:46:17.0390 3364	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
22:46:17.0468 3364	LmHosts - ok
22:46:17.0484 3364	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
22:46:17.0578 3364	Messenger - ok
22:46:17.0609 3364	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:46:17.0687 3364	mnmdd - ok
22:46:17.0718 3364	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
22:46:17.0781 3364	mnmsrvc - ok
22:46:17.0812 3364	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:46:17.0875 3364	Modem - ok
22:46:17.0906 3364	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:46:17.0968 3364	Mouclass - ok
22:46:18.0000 3364	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:46:18.0078 3364	mouhid - ok
22:46:18.0093 3364	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:46:18.0171 3364	MountMgr - ok
22:46:18.0171 3364	mraid35x - ok
22:46:18.0187 3364	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:46:18.0250 3364	MRxDAV - ok
22:46:18.0296 3364	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:46:18.0343 3364	MRxSmb - ok
22:46:18.0375 3364	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
22:46:18.0453 3364	MSDTC - ok
22:46:18.0453 3364	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:46:18.0546 3364	Msfs - ok
22:46:18.0546 3364	MSIServer - ok
22:46:18.0578 3364	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:46:18.0656 3364	MSKSSRV - ok
22:46:18.0656 3364	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:46:18.0718 3364	MSPCLOCK - ok
22:46:18.0734 3364	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:46:18.0796 3364	MSPQM - ok
22:46:18.0812 3364	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:46:18.0890 3364	mssmbios - ok
22:46:18.0921 3364	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
22:46:18.0984 3364	MTsensor - ok
22:46:19.0015 3364	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:46:19.0046 3364	Mup - ok
22:46:19.0078 3364	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
22:46:19.0171 3364	napagent - ok
22:46:19.0218 3364	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:46:19.0281 3364	NDIS - ok
22:46:19.0328 3364	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:46:19.0359 3364	NdisTapi - ok
22:46:19.0359 3364	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:46:19.0421 3364	Ndisuio - ok
22:46:19.0437 3364	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:46:19.0515 3364	NdisWan - ok
22:46:19.0531 3364	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:46:19.0546 3364	NDProxy - ok
22:46:19.0687 3364	Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
22:46:19.0718 3364	Nero BackItUp Scheduler 3 - ok
22:46:19.0750 3364	Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
22:46:19.0765 3364	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:46:19.0765 3364	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:46:19.0781 3364	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:46:19.0843 3364	NetBIOS - ok
22:46:19.0875 3364	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:46:19.0953 3364	NetBT - ok
22:46:19.0984 3364	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
22:46:20.0078 3364	NetDDE - ok
22:46:20.0078 3364	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
22:46:20.0140 3364	NetDDEdsdm - ok
22:46:20.0187 3364	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
22:46:20.0265 3364	Netlogon - ok
22:46:20.0296 3364	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
22:46:20.0375 3364	Netman - ok
22:46:20.0468 3364	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:46:20.0484 3364	NetTcpPortSharing - ok
22:46:20.0500 3364	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
22:46:20.0515 3364	Nla - ok
22:46:20.0640 3364	NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
22:46:20.0671 3364	NMIndexingService - ok
22:46:20.0734 3364	NMSAccess       (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
22:46:20.0734 3364	NMSAccess - ok
22:46:20.0781 3364	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:46:20.0843 3364	Npfs - ok
22:46:20.0890 3364	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:46:20.0984 3364	Ntfs - ok
22:46:21.0015 3364	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
22:46:21.0078 3364	NtLmSsp - ok
22:46:21.0109 3364	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
22:46:21.0203 3364	NtmsSvc - ok
22:46:21.0234 3364	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:46:21.0296 3364	Null - ok
22:46:21.0515 3364	nv              (3712d332633b853101ab786380c969ec) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:46:21.0734 3364	nv - ok
22:46:21.0828 3364	NVSvc           (357cde6c24eb15888e810c6d2787c238) C:\WINDOWS\system32\nvsvc32.exe
22:46:21.0828 3364	NVSvc - ok
22:46:22.0093 3364	nvUpdatusService (2cc4e45b0eb4c48392cec9c83b5b8e3b) C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:46:22.0171 3364	nvUpdatusService - ok
22:46:22.0218 3364	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:46:22.0312 3364	NwlnkFlt - ok
22:46:22.0328 3364	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:46:22.0406 3364	NwlnkFwd - ok
22:46:22.0437 3364	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
22:46:22.0515 3364	Parport - ok
22:46:22.0562 3364	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:46:22.0640 3364	PartMgr - ok
22:46:22.0656 3364	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:46:22.0718 3364	ParVdm - ok
22:46:22.0796 3364	pbfilter        (61a5701e3f543861b21bbe0932c4cc03) C:\Programme\PeerBlock\pbfilter.sys
22:46:22.0812 3364	pbfilter - ok
22:46:22.0812 3364	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:46:22.0890 3364	PCI - ok
22:46:22.0890 3364	PCIDump - ok
22:46:22.0906 3364	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:46:22.0984 3364	PCIIde - ok
22:46:23.0000 3364	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:46:23.0078 3364	Pcmcia - ok
22:46:23.0078 3364	PDCOMP - ok
22:46:23.0078 3364	PDFRAME - ok
22:46:23.0078 3364	PDRELI - ok
22:46:23.0078 3364	PDRFRAME - ok
22:46:23.0078 3364	perc2 - ok
22:46:23.0078 3364	perc2hib - ok
22:46:23.0109 3364	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
22:46:23.0109 3364	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
22:46:23.0109 3364	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
22:46:23.0156 3364	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
22:46:23.0171 3364	PlugPlay - ok
22:46:23.0203 3364	Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
22:46:23.0218 3364	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:46:23.0218 3364	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:46:23.0250 3364	Point32         (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys
22:46:23.0265 3364	Point32 - ok
22:46:23.0281 3364	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
22:46:23.0343 3364	PolicyAgent - ok
22:46:23.0375 3364	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:46:23.0437 3364	PptpMiniport - ok
22:46:23.0453 3364	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
22:46:23.0531 3364	Processor - ok
22:46:23.0531 3364	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:46:23.0593 3364	ProtectedStorage - ok
22:46:23.0625 3364	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:46:23.0703 3364	PSched - ok
22:46:23.0734 3364	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:46:23.0812 3364	Ptilink - ok
22:46:23.0843 3364	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:46:23.0859 3364	PxHelp20 - ok
22:46:23.0859 3364	ql1080 - ok
22:46:23.0859 3364	Ql10wnt - ok
22:46:23.0859 3364	ql12160 - ok
22:46:23.0859 3364	ql1240 - ok
22:46:23.0875 3364	ql1280 - ok
22:46:23.0875 3364	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:46:23.0953 3364	RasAcd - ok
22:46:23.0968 3364	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
22:46:24.0031 3364	RasAuto - ok
22:46:24.0062 3364	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:46:24.0140 3364	Rasl2tp - ok
22:46:24.0171 3364	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
22:46:24.0234 3364	RasMan - ok
22:46:24.0250 3364	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:46:24.0312 3364	RasPppoe - ok
22:46:24.0328 3364	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:46:24.0390 3364	Raspti - ok
22:46:24.0421 3364	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:46:24.0484 3364	Rdbss - ok
22:46:24.0500 3364	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:46:24.0578 3364	RDPCDD - ok
22:46:24.0609 3364	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:46:24.0640 3364	RDPWD - ok
22:46:24.0671 3364	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
22:46:24.0750 3364	RDSessMgr - ok
22:46:24.0765 3364	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:46:24.0828 3364	redbook - ok
22:46:24.0859 3364	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
22:46:24.0937 3364	RemoteAccess - ok
22:46:24.0937 3364	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
22:46:25.0000 3364	RpcLocator - ok
22:46:25.0062 3364	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
22:46:25.0078 3364	RpcSs - ok
22:46:25.0109 3364	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
22:46:25.0171 3364	RSVP - ok
22:46:25.0187 3364	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:46:25.0265 3364	SamSs - ok
22:46:25.0359 3364	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
22:46:25.0359 3364	SASDIFSV - ok
22:46:25.0375 3364	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
22:46:25.0390 3364	SASKUTIL - ok
22:46:25.0390 3364	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
22:46:25.0468 3364	SCardSvr - ok
22:46:25.0500 3364	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
22:46:25.0562 3364	Schedule - ok
22:46:25.0578 3364	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:46:25.0625 3364	Secdrv - ok
22:46:25.0640 3364	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
22:46:25.0718 3364	seclogon - ok
22:46:25.0734 3364	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
22:46:25.0812 3364	SENS - ok
22:46:25.0843 3364	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:46:25.0921 3364	serenum - ok
22:46:25.0921 3364	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
22:46:26.0000 3364	Serial - ok
22:46:26.0046 3364	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:46:26.0125 3364	Sfloppy - ok
22:46:26.0156 3364	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
22:46:26.0250 3364	SharedAccess - ok
22:46:26.0281 3364	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:46:26.0281 3364	ShellHWDetection - ok
22:46:26.0296 3364	Simbad - ok
22:46:26.0296 3364	Sparrow - ok
22:46:26.0296 3364	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:46:26.0359 3364	splitter - ok
22:46:26.0406 3364	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:46:26.0421 3364	Spooler - ok
22:46:26.0437 3364	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:46:26.0468 3364	sr - ok
22:46:26.0515 3364	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
22:46:26.0546 3364	srservice - ok
22:46:26.0578 3364	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:46:26.0625 3364	Srv - ok
22:46:26.0640 3364	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
22:46:26.0671 3364	SSDPSRV - ok
22:46:26.0718 3364	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:46:26.0718 3364	ssmdrv - ok
22:46:26.0750 3364	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
22:46:26.0765 3364	StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:46:26.0765 3364	StarOpen - detected UnsignedFile.Multi.Generic (1)
22:46:26.0796 3364	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
22:46:26.0875 3364	stisvc - ok
22:46:26.0906 3364	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:46:26.0984 3364	swenum - ok
22:46:26.0984 3364	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:46:27.0046 3364	swmidi - ok
22:46:27.0046 3364	SwPrv - ok
22:46:27.0062 3364	symc810 - ok
22:46:27.0062 3364	symc8xx - ok
22:46:27.0062 3364	sym_hi - ok
22:46:27.0062 3364	sym_u3 - ok
22:46:27.0078 3364	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:46:27.0140 3364	sysaudio - ok
22:46:27.0156 3364	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
22:46:27.0218 3364	SysmonLog - ok
22:46:27.0250 3364	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
22:46:27.0312 3364	TapiSrv - ok
22:46:27.0359 3364	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:46:27.0375 3364	Tcpip - ok
22:46:27.0406 3364	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:46:27.0484 3364	TDPIPE - ok
22:46:27.0484 3364	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:46:27.0562 3364	TDTCP - ok
22:46:27.0593 3364	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:46:27.0656 3364	TermDD - ok
22:46:27.0687 3364	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
22:46:27.0750 3364	TermService - ok
22:46:27.0781 3364	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:46:27.0796 3364	Themes - ok
22:46:27.0875 3364	TODslService    (ff82257d2a3e9465f8ea77669f423e3f) C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
22:46:27.0890 3364	TODslService ( UnsignedFile.Multi.Generic ) - warning
22:46:27.0890 3364	TODslService - detected UnsignedFile.Multi.Generic (1)
22:46:27.0890 3364	TosIde - ok
22:46:27.0906 3364	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
22:46:27.0968 3364	TrkWks - ok
22:46:27.0984 3364	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:46:28.0062 3364	Udfs - ok
22:46:28.0062 3364	ultra - ok
22:46:28.0125 3364	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:46:28.0203 3364	Update - ok
22:46:28.0218 3364	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
22:46:28.0265 3364	upnphost - ok
22:46:28.0281 3364	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
22:46:28.0343 3364	UPS - ok
22:46:28.0375 3364	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:46:28.0437 3364	usbccgp - ok
22:46:28.0437 3364	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:46:28.0515 3364	usbehci - ok
22:46:28.0515 3364	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:46:28.0578 3364	usbhub - ok
22:46:28.0625 3364	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:46:28.0703 3364	usbprint - ok
22:46:28.0734 3364	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:46:28.0796 3364	usbscan - ok
22:46:28.0812 3364	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:46:28.0890 3364	USBSTOR - ok
22:46:28.0906 3364	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:46:28.0968 3364	usbuhci - ok
22:46:29.0015 3364	UxTuneUp        (d473f74c8ecc9851ac08704a5fdb5abd) C:\WINDOWS\System32\uxtuneup.dll
22:46:29.0031 3364	UxTuneUp - ok
22:46:29.0031 3364	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:46:29.0093 3364	VgaSave - ok
22:46:29.0093 3364	ViaIde - ok
22:46:29.0109 3364	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:46:29.0187 3364	VolSnap - ok
22:46:29.0187 3364	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
22:46:29.0234 3364	VSS - ok
22:46:29.0234 3364	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
22:46:29.0312 3364	W32Time - ok
22:46:29.0328 3364	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:46:29.0406 3364	Wanarp - ok
22:46:29.0406 3364	WDICA - ok
22:46:29.0437 3364	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:46:29.0500 3364	wdmaud - ok
22:46:29.0531 3364	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
22:46:29.0593 3364	WebClient - ok
22:46:29.0671 3364	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:46:29.0750 3364	winmgmt - ok
22:46:29.0796 3364	WinRM           (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
22:46:29.0859 3364	WinRM - ok
22:46:29.0890 3364	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:46:29.0953 3364	WmdmPmSN - ok
22:46:29.0984 3364	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:46:30.0046 3364	WmiApSrv - ok
22:46:30.0171 3364	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
22:46:30.0234 3364	WMPNetworkSvc - ok
22:46:30.0343 3364	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:46:30.0375 3364	WPFFontCache_v0400 - ok
22:46:30.0453 3364	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:46:30.0531 3364	WS2IFSL - ok
22:46:30.0546 3364	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
22:46:30.0625 3364	wscsvc - ok
22:46:30.0640 3364	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
22:46:30.0718 3364	wuauserv - ok
22:46:30.0750 3364	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:46:30.0765 3364	WudfPf - ok
22:46:30.0781 3364	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:46:30.0781 3364	WudfRd - ok
22:46:30.0796 3364	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:46:30.0828 3364	WudfSvc - ok
22:46:30.0875 3364	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
22:46:30.0953 3364	WZCSVC - ok
22:46:30.0968 3364	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
22:46:31.0031 3364	xmlprov - ok
22:46:31.0046 3364	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:46:31.0406 3364	\Device\Harddisk0\DR0 - ok
22:46:31.0406 3364	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:46:31.0453 3364	\Device\Harddisk1\DR1 - ok
22:46:31.0453 3364	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
22:46:31.0500 3364	\Device\Harddisk2\DR2 - ok
22:46:31.0515 3364	Boot (0x1200)   (515f3dc91c76f8c48a29c522ce1ab291) \Device\Harddisk0\DR0\Partition0
22:46:31.0515 3364	\Device\Harddisk0\DR0\Partition0 - ok
22:46:31.0515 3364	Boot (0x1200)   (b8a723b7e2e25cca600397c47caec2a5) \Device\Harddisk1\DR1\Partition0
22:46:31.0515 3364	\Device\Harddisk1\DR1\Partition0 - ok
22:46:31.0515 3364	Boot (0x1200)   (c98313d1ee9717f5f6c00858d5535a12) \Device\Harddisk2\DR2\Partition0
22:46:31.0515 3364	\Device\Harddisk2\DR2\Partition0 - ok
22:46:31.0515 3364	============================================================
22:46:31.0515 3364	Scan finished
22:46:31.0515 3364	============================================================
22:46:31.0625 3356	Detected object count: 8
22:46:31.0625 3356	Actual detected object count: 8
22:49:09.0937 3356	HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:09.0937 3356	HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:49:09.0937 3356	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:09.0937 3356	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:49:09.0937 3356	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:09.0937 3356	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:49:09.0937 3356	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:09.0937 3356	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:49:09.0953 3356	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:09.0953 3356	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:49:09.0953 3356	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:09.0953 3356	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:49:09.0953 3356	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:09.0953 3356	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:49:09.0953 3356	TODslService ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:09.0953 3356	TODslService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 05.06.2012, 08:57

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Quarks · 05.06.2012, 15:15

Combo-Fix

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-05.01 - Sven Peinl 05.06.2012  16:04:23.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\Sven Peinl\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\sss
c:\programme\sss\licence.txt
c:\programme\sss\ReadMe.txt
c:\programme\sss\SimpleScreenshot.exe
c:\programme\sss\upload.php
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-05 bis 2012-06-05  ))))))))))))))))))))))))))))))
.
.
2012-06-03 23:20 . 2012-06-03 23:20	--------	d-----w-	c:\programme\PIXresizer
2012-06-03 23:20 . 2007-04-14 23:05	991232	----a-w-	c:\windows\system32\imageviewer2.ocx
2012-06-03 23:20 . 2004-03-08 22:00	224016	----a-w-	c:\windows\system32\tabctl32.ocx
2012-06-03 23:20 . 2000-07-09 17:15	106496	----a-w-	c:\windows\system32\mbprgbar.ocx
2012-06-03 23:20 . 2000-05-01 22:02	110592	----a-w-	c:\windows\system32\ccrpbds6.dll
2012-06-03 23:20 . 1999-09-16 08:04	151552	----a-w-	c:\windows\system32\ccrpfd6.ocx
2012-06-03 23:20 . 1998-06-23 23:00	164144	----a-w-	c:\windows\system32\comct232.ocx
2012-06-03 23:20 . 1996-01-11 23:00	200704	----a-w-	c:\windows\system32\threed32.ocx
2012-06-02 12:41 . 2012-06-02 12:41	157352	----a-w-	c:\programme\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-02 12:41 . 2012-06-02 12:41	129976	----a-w-	c:\programme\Mozilla Firefox\maintenanceservice.exe
2012-06-01 17:29 . 2012-06-01 17:29	--------	d-----w-	c:\programme\ESET
2012-06-01 05:20 . 2012-06-01 05:21	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-06-01 05:20 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-01 01:07 . 2012-06-01 01:07	--------	d-----w-	C:\_OTL
2012-05-26 18:10 . 2012-05-26 18:10	--------	d-----w-	c:\windows\PIF
2012-05-17 11:39 . 2012-05-17 11:39	--------	d-----w-	c:\programme\7-Zip
2012-05-15 22:39 . 2012-05-15 22:39	--------	d-----w-	c:\dokumente und einstellungen\Sven Peinl\Lokale Einstellungen\Anwendungsdaten\Abelssoft
2012-05-15 22:39 . 2012-05-15 22:39	--------	d-----w-	c:\programme\CheckDrive
2012-05-15 21:01 . 2012-05-26 18:18	--------	d-----w-	c:\dokumente und einstellungen\Sven Peinl\Anwendungsdaten\HD Tune Pro
2012-05-15 21:01 . 2012-05-15 21:01	--------	d-----w-	c:\programme\HD Tune Pro
2012-05-15 19:59 . 2012-05-15 19:59	--------	d-----w-	c:\programme\Seagate
2012-05-15 00:13 . 2012-05-23 09:50	--------	d-----w-	c:\windows\nview
2012-05-15 00:13 . 2007-11-06 18:00	356352	----a-w-	c:\windows\system32\nvudisp.exe
2012-05-11 01:27 . 2012-05-11 01:27	--------	d-----w-	c:\dokumente und einstellungen\Sven Peinl\Lokale Einstellungen\Anwendungsdaten\PCHealth
2012-05-11 01:12 . 2012-05-11 01:12	--------	d-----w-	c:\dokumente und einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\Microsoft
2012-05-11 01:05 . 2012-05-11 01:05	--------	d-----w-	c:\programme\CDBurnerXP
2012-05-11 00:54 . 2012-05-26 18:18	--------	d-----w-	C:\9ddf4b9c0a4814dc6387a52080e0
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2003-04-02 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-11 01:14 . 2011-10-14 02:21	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-11 01:14 . 2011-10-14 02:21	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 15:11 . 2012-04-08 12:28	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:11 . 2011-06-07 22:10	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 15:11 . 2012-04-13 19:11	4140192	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:51 . 2002-08-29 03:41	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2003-04-02 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2003-04-02 12:00	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2003-04-02 12:00	1862400	----a-w-	c:\windows\system32\win32k(2)(2).sys
2011-11-30 15:27 . 2011-11-30 15:26	85215144	----a-w-	c:\programme\DE-SkiChallenge12.exe
2012-06-02 12:41 . 2012-05-14 20:09	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-13 39408]
"1und1Dispatcher"="c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe" [2011-07-13 223600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"T-Online DSL-Manager"="c:\programme\T-Online\DSL-Manager\TODslMgr.exe" [2005-11-01 811008]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-11 348624]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="NvMCTray.dll" [2007-11-06 81920]
"nwiz"="nwiz.exe" [2007-11-06 1626112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Sven Peinl\Startmenü\Programme\Autostart\
OpenOffice.org 2.4.lnk - c:\programme\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckDriveBackgroundGuard]
2012-04-20 07:13	394656	----a-w-	c:\programme\CheckDrive\CheckDriveBackgroundGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56	1230704	----a-w-	c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-06-15 15:31	126976	----a-w-	c:\programme\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34	49152	----a-w-	c:\programme\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 06:31	2221352	----a-w-	c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 12:39	570664	----a-w-	c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-25 18:46	2424560	----a-w-	c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-06-13 12:23	39408	----a-w-	c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\ICQ7.5\\ICQ.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 pbfilter;pbfilter;c:\programme\PeerBlock\pbfilter.sys [2010-11-06 19056]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;gupdate;c:\programme\Google\Update\GoogleUpdate.exe [2011-06-10 135664]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2012-05-11 86224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S3 TODslService;T-Online DSL-Manager;c:\programme\T-Online\DSL-Manager\TODslSvc.exe [2005-11-01 172032]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-25 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 14:46]
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 15:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://reloaded.pennergame.de/
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - 
DPF: {9F9AE670-CC3B-48B6-BB33-2EB7BD316D58} - hxxp://download.greentube.com/magic/games/sc12/webplayer/plugin/0.9.8/greenwebplayerxp.0.9.8.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {DF2F1634-A3AA-4E1B-9945-13F2BC455C0C} - hxxp://at.sc12.greentube.com/xsl_gamebase/_magic/game_loader/ActiveXInstaller1.2.cab
FF - ProfilePath - c:\dokumente und einstellungen\Sven Peinl\Anwendungsdaten\Mozilla\Firefox\Profiles\wkg1xkrf.default\
FF - prefs.js: browser.startup.homepage - hxxp://reloaded.pennergame.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-uTorrent - D:\utorrent.exe
AddRemove-DivX Setup.divx.com - c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
AddRemove-sc12-DE_MAIN - c:\games\Ski Challenge 12 (DE)\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-05 16:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
Zeit der Fertigstellung: 2012-06-05  16:09:26
ComboFix-quarantined-files.txt  2012-06-05 14:09
.
Vor Suchlauf: 17 Verzeichnis(se), 290.870.149.120 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 290.911.891.456 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - EF1BFF3AE64D10A82B194E4825467A16

--- --- ---

cosinus · 05.06.2012, 16:04

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Quarks · 05.06.2012, 19:27

GMER

Code:

ATTFilter

 GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-05 19:34:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 MAXTOR_STM3320613AS rev.MC1H
Running: cj0wpj2y.exe; Driver: C:\DOKUME~1\SVENPE~1\LOKALE~1\Temp\ugpcypod.sys


---- System - GMER 1.0.15 ----

SSDT   B876814E                                                                                                         ZwCreateKey
SSDT   B8768144                                                                                                         ZwCreateThread
SSDT   B8768153                                                                                                         ZwDeleteKey
SSDT   B876815D                                                                                                         ZwDeleteValueKey
SSDT   B8768162                                                                                                         ZwLoadKey
SSDT   B8768130                                                                                                         ZwOpenProcess
SSDT   B8768135                                                                                                         ZwOpenThread
SSDT   B876816C                                                                                                         ZwReplaceKey
SSDT   B8768167                                                                                                         ZwRestoreKey
SSDT   B8768158                                                                                                         ZwSetValueKey

Code   \??\C:\DOKUME~1\SVENPE~1\LOKALE~1\Temp\catchme.sys                                                               pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                         section is writeable [0xB6666360, 0x3441C7, 0xE8000020]
?      C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                       Das System kann die angegebene Datei nicht finden. !
?      C:\DOKUME~1\SVENPE~1\LOKALE~1\Temp\catchme.sys                                                                   Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxParamW                                      7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!SetWindowsHookExW                                    7E37820F 5 Bytes  JMP 41269AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!CallNextHookEx                                       7E37B3C6 5 Bytes  JMP 4125D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!CreateWindowExW                                      7E37D0A3 5 Bytes  JMP 4126DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!UnhookWindowsHookEx                                  7E37D5F3 5 Bytes  JMP 411D4686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxIndirectParamW                              7E382072 5 Bytes  JMP 413653AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxIndirectA                                  7E38A082 5 Bytes  JMP 413652E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxParamA                                      7E38B144 5 Bytes  JMP 4136534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxExW                                        7E3A0838 5 Bytes  JMP 413651B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxExA                                        7E3A085C 5 Bytes  JMP 41365214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxIndirectParamA                              7E3A6D7D 5 Bytes  JMP 41365412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxIndirectW                                  7E3B64D5 5 Bytes  JMP 41365276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] ole32.dll!CoCreateInstance                                      774CF1BC 5 Bytes  JMP 4126DB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[648] ole32.dll!OleLoadFromStream                                     774F983B 5 Bytes  JMP 41365717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 413653AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 413652E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 4136534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 413651B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 41365214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 41365412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 41365276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 41269AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!CallNextHookEx                                      7E37B3C6 5 Bytes  JMP 4125D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 411D4686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 413653AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 413652E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 4136534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 413651B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 41365214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 41365412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 41365276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] ole32.dll!CoCreateInstance                                     774CF1BC 5 Bytes  JMP 4126DB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[4060] ole32.dll!OleLoadFromStream                                    774F983B 5 Bytes  JMP 41365717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Programme\Internet Explorer\iexplore.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]   [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT    C:\Programme\Internet Explorer\iexplore.exe[4060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]  [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
 
 osam OSAM Logfile:
 Code: 

 ATTFilter
 
 Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:52:15 on 05.06.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\SVENPE~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Microsoft UAA Bus Driver for High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"pbfilter" (pbfilter) - ? - C:\Programme\PeerBlock\pbfilter.sys  (File found, but it contains no detailed information)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"ugpcypod" (ugpcypod) - ? - C:\DOKUME~1\SVENPE~1\LOKALE~1\Temp\ugpcypod.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{8FAF0273-9CA8-4efc-9536-1E35E254D5CD} "WEB.DE NewTab Protocol" - ? - C:\Programme\WEB.DE Toolbar\IE\uitb.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplbtn.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplsens.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\system32\uxtuneup.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplwhl.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{DF2F1634-A3AA-4E1B-9945-13F2BC455C0C} "InstallerCtrl Class" - "Greentube Internet Entertainment Solutions GmbH" - C:\WINDOWS\Downloaded Program Files\activexinstaller.dll / hxxp://at.sc12.greentube.com/xsl_gamebase/_magic/game_loader/ActiveXInstaller1.2.cab
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{9F9AE670-CC3B-48B6-BB33-2EB7BD316D58} "WebPlayerCtrl Class" - "Greentube Internet Entertainment Solutions GmbH" - C:\WINDOWS\Downloaded Program Files\greenwebplayerax.dll / hxxp://download.greentube.com/magic/games/sc12/webplayer/plugin/0.9.8/greenwebplayerxp.0.9.8.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\System32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Programme\ICQ7.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Sven Peinl\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 2.4.lnk" - ? - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"1und1Dispatcher" - "1&1 Mail & Media GmbH" - "C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe" xp
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"T-Online DSL-Manager" - "T-Systems International GmbH" - "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"T-Online DSL-Manager" (TODslService) - "T-Systems International GmbH" - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR

Code:

ATTFilter

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-05 19:53:19
-----------------------------
19:53:19.859    OS Version: Windows 5.1.2600 Service Pack 3
19:53:19.859    Number of processors: 2 586 0xF0B
19:53:19.859    ComputerName: PRIVAT-MJFGDCTM  UserName: Sven Peinl
19:53:20.546    Initialize success
19:55:09.687    AVAST engine defs: 12060501
19:55:39.890    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
19:55:39.890    Disk 0 Vendor: MAXTOR_STM3320613AS MC1H Size: 305245MB BusType: 3
19:55:39.890    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-13
19:55:39.890    Disk 1 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
19:55:39.890    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-1b
19:55:39.890    Disk 2 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
19:55:39.906    Disk 0 MBR read successfully
19:55:39.906    Disk 0 MBR scan
19:55:39.921    Disk 0 Windows XP default MBR code
19:55:39.937    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       305234 MB offset 63
19:55:39.953    Disk 0 scanning sectors +625121280
19:55:40.078    Disk 0 scanning C:\WINDOWS\system32\drivers
19:56:00.015    Service scanning
19:56:10.171    Modules scanning
19:56:34.593    Disk 0 trace - called modules:
19:56:34.609    ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
19:56:34.609    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a66dab8]
19:56:34.609    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a67c7e8]
19:56:34.609    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8a675030]
19:56:35.390    AVAST engine scan C:\WINDOWS
19:57:31.531    AVAST engine scan C:\WINDOWS\system32
20:05:17.140    AVAST engine scan C:\WINDOWS\system32\drivers
20:06:35.484    AVAST engine scan C:\Dokumente und Einstellungen\Sven Peinl
20:13:23.515    AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:14:25.468    Scan finished successfully
20:19:13.562    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Sven Peinl\Desktop\MBR.dat"
20:19:13.578    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Sven Peinl\Desktop\aswMBR.txt"

cosinus · 05.06.2012, 20:04

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Quarks · 05.06.2012, 21:43

Malwarebyte

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sven Peinl :: PRIVAT-MJFGDCTM [Administrator]

05.06.2012 21:32:55
mbam-log-2012-06-05 (22-08-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 275073
Laufzeit: 34 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\System Volume Information\_restore{BC50EB8F-9D6B-4D42-AF35-260FCC4642E1}\RP5\A0005292.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{BC50EB8F-9D6B-4D42-AF35-260FCC4642E1}\RP5\A0005291.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

SUPERantispyware

Code:

ATTFilter

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/05/2012 at 10:30 PM

Application Version : 4.45.1000

Core Rules Database Version : 8206
Trace Rules Database Version: 6018

Scan type       : Complete Scan
Total Scan Time : 00:21:30

Memory items scanned      : 497
Memory threats detected   : 0
Registry items scanned    : 7273
Registry threats detected : 0
File items scanned        : 20512
File threats detected     : 54

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\5GNDV1S6.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\UTYEYKF8.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\7VO3TJKG.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\ECFTHUL0.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\LHHF0P2D.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\527HS20P.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\OJV1MP1O.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\3S72A435.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\EBGOA68L.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\ERQF03YC.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\I75BW1ZQ.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\9F1M5D3A.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\EFQWE0UR.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\EQ659Y6X.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\UDOF1XS7.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\JNKY1R4I.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\CH989D6R.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\O4YU1YP4.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\E8GU5YOR.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\XFA7Q3QU.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\6V72T83O.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\5N2B2TH9.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\W3GPHUQ4.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\EAGYQ86W.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\78Q5UBLL.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\C04T87C3.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\MVF2I55K.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\7L5MNFQW.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\8BUHLC23.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\38OSL6WS.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\L19BMA1A.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\4O0RFG6P.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\QI333Y3Q.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\0VUZZSX0.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\ZBOESK2X.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\W874P6A6.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\Z7A66M3K.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\8WYBYGZ8.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\1812RZAU.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\322EB7IA.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\DJ921BAQ.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\PJBY3LX5.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\LH9Z6W1N.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\J7RPKUGE.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\PV96RW8X.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\RUU34X6I.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\SDKWDMYW.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\4SCZ4X2G.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\MG2TV89Z.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\L5DZA3I2.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\9LN1E38B.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\OXWZ6DMU.txt
	C:\Dokumente und Einstellungen\Sven Peinl\Cookies\GKS32B5L.txt
	delivery.ibanner.de [ C:\Dokumente und Einstellungen\Sven Peinl\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\BN55WTEJ ]

cosinus · 05.06.2012, 22:09

In System Volume Information sind die Dateien für Wiederherstellungspunkte gespeichert.

Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.

Sieht ok aus, da wurden ansonsten nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

04.06.2012, 09:51	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	100€ Windows Verschlüsselungs-Trojaner Wie sieht dien Desktop nun aus? Wie dein Startmenü? Alles wie vorher? Fehlt was? __________________ Logfiles bitte immer in CODE-Tags posten

05.06.2012, 20:04	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	100€ Windows Verschlüsselungs-Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

100€ Windows Verschlüsselungs-Trojaner

Plagegeister aller Art und deren Bekämpfung: 100€ Windows Verschlüsselungs-Trojaner