Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU Trojaner auf Win XP

GVU Trojaner auf Win XP


Log-Analyse und Auswertung: GVU Trojaner auf Win XP

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 12.07.2012, 19:35   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.07.2012, 20:04   #17
fizze
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Code:
ATTFilter
21:01:25.0906 3848	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
21:01:25.0953 3848	============================================================
21:01:25.0953 3848	Current date / time: 2012/07/12 21:01:25.0953
21:01:25.0953 3848	SystemInfo:
21:01:25.0953 3848	
21:01:25.0953 3848	OS Version: 5.1.2600 ServicePack: 3.0
21:01:25.0953 3848	Product type: Workstation
21:01:25.0953 3848	ComputerName: CHILLI
21:01:25.0953 3848	UserName: Rainer
21:01:25.0953 3848	Windows directory: C:\WINDOWS
21:01:25.0953 3848	System windows directory: C:\WINDOWS
21:01:25.0953 3848	Processor architecture: Intel x86
21:01:25.0953 3848	Number of processors: 8
21:01:25.0953 3848	Page size: 0x1000
21:01:25.0953 3848	Boot type: Normal boot
21:01:25.0953 3848	============================================================
21:01:26.0953 3848	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:01:26.0953 3848	============================================================
21:01:26.0953 3848	\Device\Harddisk0\DR0:
21:01:26.0953 3848	MBR partitions:
21:01:26.0953 3848	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
21:01:26.0953 3848	============================================================
21:01:26.0968 3848	C: <-> \Device\Harddisk0\DR0\Partition0
21:01:26.0968 3848	============================================================
21:01:26.0968 3848	Initialize success
21:01:26.0968 3848	============================================================
21:01:59.0187 1952	============================================================
21:01:59.0187 1952	Scan started
21:01:59.0187 1952	Mode: Manual; SigCheck; TDLFS; 
21:01:59.0187 1952	============================================================
21:01:59.0453 1952	Abiosdsk - ok
21:01:59.0453 1952	abp480n5 - ok
21:01:59.0500 1952	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:02:00.0296 1952	ACPI - ok
21:02:00.0343 1952	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:02:00.0406 1952	ACPIEC - ok
21:02:00.0453 1952	Adobe LM Service (4b06235ae1085aab809cb40e22a7a98c) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
21:02:00.0468 1952	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:02:00.0468 1952	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:02:00.0531 1952	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:02:00.0531 1952	AdobeFlashPlayerUpdateSvc - ok
21:02:00.0531 1952	adpu160m - ok
21:02:00.0578 1952	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:02:00.0625 1952	aec - ok
21:02:00.0656 1952	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:02:00.0671 1952	AFD - ok
21:02:00.0671 1952	Aha154x - ok
21:02:00.0671 1952	aic78u2 - ok
21:02:00.0687 1952	aic78xx - ok
21:02:00.0718 1952	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
21:02:00.0781 1952	Alerter - ok
21:02:00.0796 1952	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
21:02:00.0843 1952	ALG - ok
21:02:00.0843 1952	AliIde - ok
21:02:00.0937 1952	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:02:01.0000 1952	Ambfilt - ok
21:02:01.0046 1952	amsint - ok
21:02:01.0062 1952	AppleCharger    (f0a48ce44d3f368990ca8954340bd9a0) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys
21:02:01.0062 1952	AppleCharger - ok
21:02:01.0062 1952	AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\WINDOWS\system32\AppleChargerSrv.exe
21:02:01.0078 1952	AppleChargerSrv - ok
21:02:01.0078 1952	AppMgmt - ok
21:02:01.0171 1952	AR9271          (8dbeb23baf83d7161a69503bd5fc0162) C:\WINDOWS\system32\DRIVERS\athuw.sys
21:02:01.0281 1952	AR9271 - ok
21:02:01.0296 1952	asc - ok
21:02:01.0296 1952	asc3350p - ok
21:02:01.0296 1952	asc3550 - ok
21:02:01.0343 1952	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:02:01.0343 1952	aspnet_state - ok
21:02:01.0375 1952	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:02:01.0437 1952	AsyncMac - ok
21:02:01.0453 1952	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:02:01.0500 1952	atapi - ok
21:02:01.0500 1952	Atdisk - ok
21:02:01.0546 1952	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
21:02:01.0562 1952	atksgt - ok
21:02:01.0578 1952	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:02:01.0640 1952	Atmarpc - ok
21:02:01.0671 1952	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
21:02:01.0718 1952	AudioSrv - ok
21:02:01.0750 1952	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:02:01.0796 1952	audstub - ok
21:02:01.0828 1952	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:02:01.0875 1952	Beep - ok
21:02:01.0906 1952	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
21:02:02.0000 1952	BITS - ok
21:02:02.0078 1952	Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Programme\Bonjour\mDNSResponder.exe
21:02:02.0078 1952	Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
21:02:02.0078 1952	Bonjour Service - detected UnsignedFile.Multi.Generic (1)
21:02:02.0093 1952	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
21:02:02.0140 1952	Browser - ok
21:02:02.0171 1952	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:02:02.0234 1952	cbidf2k - ok
21:02:02.0234 1952	cd20xrnt - ok
21:02:02.0265 1952	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:02:02.0312 1952	Cdaudio - ok
21:02:02.0312 1952	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:02:02.0359 1952	Cdfs - ok
21:02:02.0390 1952	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:02:02.0437 1952	Cdrom - ok
21:02:02.0437 1952	Changer - ok
21:02:02.0453 1952	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
21:02:02.0500 1952	CiSvc - ok
21:02:02.0500 1952	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
21:02:02.0546 1952	ClipSrv - ok
21:02:02.0609 1952	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:02:02.0609 1952	clr_optimization_v2.0.50727_32 - ok
21:02:02.0656 1952	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:02:02.0656 1952	clr_optimization_v4.0.30319_32 - ok
21:02:02.0656 1952	CmdIde - ok
21:02:02.0656 1952	COMSysApp - ok
21:02:02.0687 1952	Cpqarray - ok
21:02:02.0687 1952	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
21:02:02.0750 1952	CryptSvc - ok
21:02:02.0750 1952	dac2w2k - ok
21:02:02.0750 1952	dac960nt - ok
21:02:02.0796 1952	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:02:02.0875 1952	DcomLaunch - ok
21:02:02.0890 1952	dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
21:02:02.0906 1952	dgderdrv - ok
21:02:02.0937 1952	dg_ssudbus      (f9f31a9f2a8c0dd0ceb6e380bf0985d4) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:02:02.0937 1952	dg_ssudbus - ok
21:02:02.0968 1952	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
21:02:03.0031 1952	Dhcp - ok
21:02:03.0031 1952	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:02:03.0078 1952	Disk - ok
21:02:03.0078 1952	dmadmin - ok
21:02:03.0125 1952	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:02:03.0218 1952	dmboot - ok
21:02:03.0218 1952	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:02:03.0265 1952	dmio - ok
21:02:03.0296 1952	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:02:03.0343 1952	dmload - ok
21:02:03.0359 1952	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
21:02:03.0421 1952	dmserver - ok
21:02:03.0421 1952	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:02:03.0468 1952	DMusic - ok
21:02:03.0500 1952	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
21:02:03.0578 1952	Dnscache - ok
21:02:03.0609 1952	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
21:02:03.0671 1952	Dot3svc - ok
21:02:03.0671 1952	dpti2o - ok
21:02:03.0687 1952	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:02:03.0718 1952	drmkaud - ok
21:02:03.0734 1952	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
21:02:03.0796 1952	EapHost - ok
21:02:03.0812 1952	ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
21:02:03.0828 1952	ElbyCDFL - ok
21:02:03.0859 1952	ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:02:03.0859 1952	ElbyCDIO - ok
21:02:03.0875 1952	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
21:02:03.0921 1952	ERSvc - ok
21:02:03.0937 1952	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:02:03.0953 1952	Eventlog - ok
21:02:04.0000 1952	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
21:02:04.0031 1952	EventSystem - ok
21:02:04.0046 1952	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:02:04.0109 1952	Fastfat - ok
21:02:04.0140 1952	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:02:04.0203 1952	FastUserSwitchingCompatibility - ok
21:02:04.0218 1952	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:02:04.0265 1952	Fdc - ok
21:02:04.0265 1952	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:02:04.0312 1952	Fips - ok
21:02:04.0406 1952	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:02:04.0437 1952	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:02:04.0437 1952	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:02:04.0437 1952	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:02:04.0468 1952	Flpydisk - ok
21:02:04.0500 1952	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:02:04.0546 1952	FltMgr - ok
21:02:04.0640 1952	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:02:04.0656 1952	FontCache3.0.0.0 - ok
21:02:04.0671 1952	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:02:04.0734 1952	Fs_Rec - ok
21:02:04.0734 1952	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:02:04.0781 1952	Ftdisk - ok
21:02:04.0781 1952	gdrv - ok
21:02:04.0796 1952	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:02:04.0859 1952	Gpc - ok
21:02:04.0921 1952	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
21:02:04.0921 1952	gupdate - ok
21:02:04.0921 1952	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
21:02:04.0937 1952	gupdatem - ok
21:02:04.0968 1952	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:02:05.0015 1952	HDAudBus - ok
21:02:05.0046 1952	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:02:05.0093 1952	helpsvc - ok
21:02:05.0109 1952	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
21:02:05.0156 1952	HidServ - ok
21:02:05.0171 1952	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:02:05.0218 1952	hidusb - ok
21:02:05.0250 1952	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
21:02:05.0296 1952	hkmsvc - ok
21:02:05.0296 1952	hpn - ok
21:02:05.0343 1952	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:02:05.0375 1952	HTTP - ok
21:02:05.0390 1952	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
21:02:05.0453 1952	HTTPFilter - ok
21:02:05.0453 1952	i2omgmt - ok
21:02:05.0453 1952	i2omp - ok
21:02:05.0531 1952	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:02:05.0562 1952	idsvc - ok
21:02:05.0562 1952	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:02:05.0640 1952	Imapi - ok
21:02:05.0671 1952	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
21:02:05.0718 1952	ImapiService - ok
21:02:05.0718 1952	ini910u - ok
21:02:05.0984 1952	IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:02:06.0109 1952	IntcAzAudAddService - ok
21:02:06.0171 1952	IntelIde - ok
21:02:06.0203 1952	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:02:06.0250 1952	intelppm - ok
21:02:06.0265 1952	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:02:06.0312 1952	Ip6Fw - ok
21:02:06.0328 1952	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:02:06.0390 1952	IpFilterDriver - ok
21:02:06.0406 1952	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:02:06.0468 1952	IpInIp - ok
21:02:06.0484 1952	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:02:06.0531 1952	IpNat - ok
21:02:06.0531 1952	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:02:06.0593 1952	IPSec - ok
21:02:06.0609 1952	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:02:06.0656 1952	IRENUM - ok
21:02:06.0671 1952	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:02:06.0703 1952	isapnp - ok
21:02:06.0718 1952	ivusb - ok
21:02:06.0828 1952	JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
21:02:06.0828 1952	JavaQuickStarterService - ok
21:02:06.0890 1952	jswpsapi        (501ebb1aa7e3358ae70dd5f2be2a69e0) C:\Programme\TP-LINK\QSS\jswpsapi.exe
21:02:06.0890 1952	jswpsapi ( UnsignedFile.Multi.Generic ) - warning
21:02:06.0890 1952	jswpsapi - detected UnsignedFile.Multi.Generic (1)
21:02:06.0937 1952	JSWSCIMD        (20e5e4d1c055f36d341d7cda92b99dc8) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
21:02:06.0984 1952	JSWSCIMD - ok
21:02:07.0000 1952	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:02:07.0046 1952	Kbdclass - ok
21:02:07.0046 1952	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:02:07.0093 1952	kbdhid - ok
21:02:07.0109 1952	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:02:07.0156 1952	kmixer - ok
21:02:07.0203 1952	KOBCCEX         (2cd55b8f5a3dceedd13214a712d76236) C:\WINDOWS\system32\drivers\KOBCCEX.sys
21:02:07.0234 1952	KOBCCEX - ok
21:02:07.0265 1952	KOBCCID         (515e12789f114ce0f500bec185805358) C:\WINDOWS\system32\drivers\KOBCCID.sys
21:02:07.0265 1952	KOBCCID - ok
21:02:07.0281 1952	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:02:07.0328 1952	KSecDD - ok
21:02:07.0359 1952	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
21:02:07.0375 1952	lanmanserver - ok
21:02:07.0390 1952	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
21:02:07.0421 1952	lanmanworkstation - ok
21:02:07.0421 1952	lbrtfdc - ok
21:02:07.0437 1952	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
21:02:07.0437 1952	lirsgt - ok
21:02:07.0468 1952	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
21:02:07.0515 1952	LmHosts - ok
21:02:07.0531 1952	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
21:02:07.0546 1952	MBAMProtector - ok
21:02:07.0609 1952	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
21:02:07.0625 1952	MBAMService - ok
21:02:07.0656 1952	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
21:02:07.0718 1952	Messenger - ok
21:02:07.0750 1952	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
21:02:07.0765 1952	Microsoft Office Groove Audit Service - ok
21:02:07.0796 1952	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:02:07.0843 1952	mnmdd - ok
21:02:07.0843 1952	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
21:02:07.0906 1952	mnmsrvc - ok
21:02:07.0921 1952	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:02:07.0984 1952	Modem - ok
21:02:08.0062 1952	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
21:02:08.0109 1952	Monfilt - ok
21:02:08.0125 1952	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:02:08.0171 1952	Mouclass - ok
21:02:08.0218 1952	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:02:08.0265 1952	mouhid - ok
21:02:08.0265 1952	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:02:08.0312 1952	MountMgr - ok
21:02:08.0390 1952	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:02:08.0390 1952	MozillaMaintenance - ok
21:02:08.0390 1952	mraid35x - ok
21:02:08.0406 1952	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:02:08.0453 1952	MRxDAV - ok
21:02:08.0500 1952	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:02:08.0546 1952	MRxSmb - ok
21:02:08.0562 1952	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
21:02:08.0609 1952	MSDTC - ok
21:02:08.0609 1952	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:02:08.0671 1952	Msfs - ok
21:02:08.0671 1952	MSIServer - ok
21:02:08.0687 1952	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:02:08.0734 1952	MSKSSRV - ok
21:02:08.0734 1952	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:02:08.0781 1952	MSPCLOCK - ok
21:02:08.0796 1952	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:02:08.0828 1952	MSPQM - ok
21:02:08.0859 1952	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:02:08.0906 1952	mssmbios - ok
21:02:08.0921 1952	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:02:08.0953 1952	Mup - ok
21:02:08.0984 1952	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
21:02:09.0031 1952	napagent - ok
21:02:09.0046 1952	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:02:09.0093 1952	NDIS - ok
21:02:09.0125 1952	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:02:09.0171 1952	NdisTapi - ok
21:02:09.0187 1952	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:02:09.0234 1952	Ndisuio - ok
21:02:09.0234 1952	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:02:09.0281 1952	NdisWan - ok
21:02:09.0296 1952	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:02:09.0359 1952	NDProxy - ok
21:02:09.0359 1952	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:02:09.0406 1952	NetBIOS - ok
21:02:09.0421 1952	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:02:09.0468 1952	NetBT - ok
21:02:09.0500 1952	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:02:09.0546 1952	NetDDE - ok
21:02:09.0546 1952	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:02:09.0593 1952	NetDDEdsdm - ok
21:02:09.0593 1952	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:02:09.0640 1952	Netlogon - ok
21:02:09.0687 1952	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
21:02:09.0734 1952	Netman - ok
21:02:09.0828 1952	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:02:09.0828 1952	NetTcpPortSharing - ok
21:02:09.0875 1952	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
21:02:09.0890 1952	Nla - ok
21:02:09.0890 1952	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:02:09.0937 1952	Npfs - ok
21:02:09.0953 1952	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:02:10.0015 1952	Ntfs - ok
21:02:10.0015 1952	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:02:10.0062 1952	NtLmSsp - ok
21:02:10.0109 1952	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
21:02:10.0156 1952	NtmsSvc - ok
21:02:10.0187 1952	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:02:10.0234 1952	Null - ok
21:02:10.0250 1952	nusb3hub        (68c890ddb21028cb1ea5551b47b29e1b) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
21:02:10.0281 1952	nusb3hub - ok
21:02:10.0296 1952	nusb3xhc        (2cf970c1a9e05d3b91039c2dd4471c0e) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
21:02:10.0312 1952	nusb3xhc - ok
21:02:10.0718 1952	nv              (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:02:11.0031 1952	nv ( UnsignedFile.Multi.Generic ) - warning
21:02:11.0031 1952	nv - detected UnsignedFile.Multi.Generic (1)
21:02:11.0125 1952	NVHDA           (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys
21:02:11.0140 1952	NVHDA - ok
21:02:11.0171 1952	nvsvc           (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
21:02:11.0187 1952	nvsvc - ok
21:02:11.0203 1952	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:02:11.0265 1952	NwlnkFlt - ok
21:02:11.0281 1952	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:02:11.0328 1952	NwlnkFwd - ok
21:02:11.0421 1952	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
21:02:11.0437 1952	odserv - ok
21:02:11.0453 1952	ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:02:11.0468 1952	ose - ok
21:02:11.0500 1952	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
21:02:11.0546 1952	Parport - ok
21:02:11.0562 1952	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:02:11.0593 1952	PartMgr - ok
21:02:11.0625 1952	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:02:11.0687 1952	ParVdm - ok
21:02:11.0687 1952	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:02:11.0734 1952	PCI - ok
21:02:11.0734 1952	PCIDump - ok
21:02:11.0750 1952	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:02:11.0812 1952	PCIIde - ok
21:02:11.0828 1952	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:02:11.0890 1952	Pcmcia - ok
21:02:11.0890 1952	PDCOMP - ok
21:02:11.0890 1952	PDFRAME - ok
21:02:11.0906 1952	PDRELI - ok
21:02:11.0906 1952	PDRFRAME - ok
21:02:11.0921 1952	perc2 - ok
21:02:11.0921 1952	perc2hib - ok
21:02:11.0984 1952	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:02:12.0000 1952	PlugPlay - ok
21:02:12.0000 1952	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:02:12.0046 1952	PolicyAgent - ok
21:02:12.0062 1952	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:02:12.0109 1952	PptpMiniport - ok
21:02:12.0109 1952	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:02:12.0156 1952	ProtectedStorage - ok
21:02:12.0156 1952	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:02:12.0203 1952	PSched - ok
21:02:12.0218 1952	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:02:12.0265 1952	Ptilink - ok
21:02:12.0281 1952	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:02:12.0296 1952	PxHelp20 - ok
21:02:12.0296 1952	ql1080 - ok
21:02:12.0296 1952	Ql10wnt - ok
21:02:12.0312 1952	ql12160 - ok
21:02:12.0312 1952	ql1240 - ok
21:02:12.0328 1952	ql1280 - ok
21:02:12.0343 1952	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:02:12.0390 1952	RasAcd - ok
21:02:12.0421 1952	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
21:02:12.0468 1952	RasAuto - ok
21:02:12.0484 1952	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:02:12.0531 1952	Rasl2tp - ok
21:02:12.0562 1952	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
21:02:12.0625 1952	RasMan - ok
21:02:12.0625 1952	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:02:12.0671 1952	RasPppoe - ok
21:02:12.0671 1952	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:02:12.0718 1952	Raspti - ok
21:02:12.0734 1952	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:02:12.0796 1952	Rdbss - ok
21:02:12.0796 1952	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:02:12.0843 1952	RDPCDD - ok
21:02:12.0875 1952	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:02:12.0937 1952	RDPWD - ok
21:02:12.0968 1952	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
21:02:13.0015 1952	RDSessMgr - ok
21:02:13.0015 1952	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:02:13.0062 1952	redbook - ok
21:02:13.0093 1952	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
21:02:13.0140 1952	RemoteAccess - ok
21:02:13.0156 1952	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
21:02:13.0187 1952	RpcLocator - ok
21:02:13.0218 1952	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:02:13.0218 1952	RpcSs - ok
21:02:13.0250 1952	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
21:02:13.0296 1952	RSVP - ok
21:02:13.0328 1952	RTLE8023xp      (a1ad65718870dbf2bcb81e3c1406469e) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:02:13.0343 1952	RTLE8023xp - ok
21:02:13.0375 1952	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:02:13.0421 1952	SamSs - ok
21:02:13.0437 1952	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
21:02:13.0468 1952	SCardSvr - ok
21:02:13.0515 1952	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
21:02:13.0562 1952	Schedule - ok
21:02:13.0562 1952	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:02:13.0609 1952	Secdrv - ok
21:02:13.0640 1952	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
21:02:13.0687 1952	seclogon - ok
21:02:13.0703 1952	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
21:02:13.0750 1952	SENS - ok
21:02:13.0750 1952	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
21:02:13.0796 1952	Serial - ok
21:02:13.0828 1952	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:02:13.0875 1952	Sfloppy - ok
21:02:13.0890 1952	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
21:02:13.0984 1952	SharedAccess - ok
21:02:14.0015 1952	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:02:14.0031 1952	ShellHWDetection - ok
21:02:14.0031 1952	Simbad - ok
21:02:14.0031 1952	Sparrow - ok
21:02:14.0078 1952	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:02:14.0125 1952	splitter - ok
21:02:14.0140 1952	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:02:14.0171 1952	Spooler - ok
21:02:14.0171 1952	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:02:14.0218 1952	sr - ok
21:02:14.0234 1952	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
21:02:14.0281 1952	srservice - ok
21:02:14.0296 1952	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:02:14.0328 1952	Srv - ok
21:02:14.0359 1952	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
21:02:14.0406 1952	SSDPSRV - ok
21:02:14.0437 1952	ssudmdm         (07318149e102fd9197ab444c27774372) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:02:14.0453 1952	ssudmdm - ok
21:02:14.0468 1952	ssudobex        (ae73ce1fc0c6d8f3249f23b906aef490) C:\WINDOWS\system32\DRIVERS\ssudobex.sys
21:02:14.0484 1952	ssudobex - ok
21:02:14.0546 1952	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
21:02:14.0625 1952	stisvc - ok
21:02:14.0656 1952	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:02:14.0718 1952	swenum - ok
21:02:14.0718 1952	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:02:14.0765 1952	swmidi - ok
21:02:14.0765 1952	SwPrv - ok
21:02:14.0765 1952	symc810 - ok
21:02:14.0781 1952	symc8xx - ok
21:02:14.0781 1952	sym_hi - ok
21:02:14.0796 1952	sym_u3 - ok
21:02:14.0812 1952	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:02:14.0843 1952	sysaudio - ok
21:02:14.0859 1952	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
21:02:14.0921 1952	SysmonLog - ok
21:02:14.0968 1952	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
21:02:15.0015 1952	TapiSrv - ok
21:02:15.0062 1952	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:02:15.0062 1952	Tcpip - ok
21:02:15.0109 1952	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:02:15.0171 1952	TDPIPE - ok
21:02:15.0187 1952	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:02:15.0234 1952	TDTCP - ok
21:02:15.0250 1952	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:02:15.0296 1952	TermDD - ok
21:02:15.0328 1952	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
21:02:15.0390 1952	TermService - ok
21:02:15.0421 1952	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:02:15.0437 1952	Themes - ok
21:02:15.0437 1952	TosIde - ok
21:02:15.0437 1952	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
21:02:15.0484 1952	TrkWks - ok
21:02:15.0500 1952	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:02:15.0562 1952	Udfs - ok
21:02:15.0562 1952	ultra - ok
21:02:15.0609 1952	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:02:15.0671 1952	Update - ok
21:02:15.0703 1952	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
21:02:15.0750 1952	upnphost - ok
21:02:15.0765 1952	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
21:02:15.0828 1952	UPS - ok
21:02:15.0859 1952	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:02:15.0906 1952	usbccgp - ok
21:02:15.0921 1952	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:02:15.0953 1952	usbehci - ok
21:02:15.0984 1952	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:02:16.0015 1952	usbhub - ok
21:02:16.0031 1952	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:02:16.0062 1952	usbprint - ok
21:02:16.0093 1952	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:02:16.0125 1952	usbscan - ok
21:02:16.0156 1952	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:02:16.0203 1952	USBSTOR - ok
21:02:16.0234 1952	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:02:16.0281 1952	usbuhci - ok
21:02:16.0312 1952	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:02:16.0375 1952	VgaSave - ok
21:02:16.0375 1952	ViaIde - ok
21:02:16.0390 1952	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:02:16.0421 1952	VolSnap - ok
21:02:16.0437 1952	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
21:02:16.0500 1952	VSS - ok
21:02:16.0515 1952	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
21:02:16.0562 1952	W32Time - ok
21:02:16.0593 1952	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:02:16.0640 1952	Wanarp - ok
21:02:16.0671 1952	WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:02:16.0703 1952	WDC_SAM - ok
21:02:16.0781 1952	WDDMService     (7d1e301e2eeaf6d3730887de933413e6) C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
21:02:16.0796 1952	WDDMService ( UnsignedFile.Multi.Generic ) - warning
21:02:16.0796 1952	WDDMService - detected UnsignedFile.Multi.Generic (1)
21:02:16.0843 1952	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:02:16.0859 1952	Wdf01000 - ok
21:02:16.0859 1952	WDICA - ok
21:02:16.0890 1952	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:02:16.0937 1952	wdmaud - ok
21:02:16.0953 1952	WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
21:02:16.0953 1952	WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
21:02:16.0953 1952	WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
21:02:16.0968 1952	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
21:02:17.0015 1952	WebClient - ok
21:02:17.0078 1952	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:02:17.0140 1952	winmgmt - ok
21:02:17.0171 1952	WinUSB          (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:02:17.0171 1952	WinUSB - ok
21:02:17.0187 1952	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:02:17.0218 1952	WmdmPmSN - ok
21:02:17.0234 1952	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:02:17.0281 1952	WmiAcpi - ok
21:02:17.0281 1952	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:02:17.0328 1952	WmiApSrv - ok
21:02:17.0468 1952	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:02:17.0500 1952	WPFFontCache_v0400 - ok
21:02:17.0531 1952	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
21:02:17.0578 1952	wscsvc - ok
21:02:17.0593 1952	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
21:02:17.0671 1952	wuauserv - ok
21:02:17.0687 1952	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:02:17.0718 1952	WudfPf - ok
21:02:17.0734 1952	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:02:17.0750 1952	WudfRd - ok
21:02:17.0781 1952	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:02:17.0796 1952	WudfSvc - ok
21:02:17.0859 1952	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
21:02:17.0906 1952	WZCSVC - ok
21:02:17.0937 1952	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
21:02:18.0000 1952	xmlprov - ok
21:02:18.0015 1952	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:02:18.0312 1952	\Device\Harddisk0\DR0 - ok
21:02:18.0312 1952	Boot (0x1200)   (541d72d6e56fbcd6c9347c3f42a658c5) \Device\Harddisk0\DR0\Partition0
21:02:18.0312 1952	\Device\Harddisk0\DR0\Partition0 - ok
21:02:18.0312 1952	============================================================
21:02:18.0312 1952	Scan finished
21:02:18.0312 1952	============================================================
21:02:18.0421 3252	Detected object count: 7
21:02:18.0421 3252	Actual detected object count: 7
21:02:59.0140 3252	Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:59.0140 3252	Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:59.0140 3252	Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:59.0140 3252	Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:59.0156 3252	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:59.0156 3252	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:59.0156 3252	jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:59.0156 3252	jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:59.0156 3252	nv ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:59.0156 3252	nv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:59.0156 3252	WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:59.0156 3252	WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:59.0171 3252	WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:59.0171 3252	WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:04:02.0078 2700	Deinitialize success
__________________
Alt 12.07.2012, 21:14   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
__________________
Alt 12.07.2012, 22:14   #19
fizze
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-12.02 - Rainer 12.07.2012  23:00:41.1.8 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3582.2958 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Rainer\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokume~1\Rainer\LOKALE~1\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\dokumente und einstellungen\Rainer\Lokale Einstellungen\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system32\components
c:\windows\system32\components\AcroFF.txt
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\kock
c:\windows\system32\MSCOMCTL.1
c:\windows\system32\muzapp.exe
.
c:\windows\system32\drivers\i8042prt.sys fehlte 
Kopie von - c:\windows\ServicePackFiles\i386\i8042prt.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-12 bis 2012-07-12  ))))))))))))))))))))))))))))))
.
.
2012-07-12 21:02 . 2008-04-14 01:55	52992	-c--a-w-	c:\windows\system32\dllcache\i8042prt.sys
2012-07-12 21:02 . 2008-04-14 01:55	52992	----a-w-	c:\windows\system32\drivers\i8042prt.sys
2012-07-12 17:08 . 2012-07-12 17:08	--------	d-----w-	C:\_OTL
2012-07-06 19:50 . 2012-07-06 19:50	--------	d-----w-	c:\programme\ESET
2012-07-06 18:33 . 2012-07-06 18:33	--------	d-----w-	c:\dokumente und einstellungen\Rainer\Anwendungsdaten\Malwarebytes
2012-07-06 18:33 . 2012-07-06 18:33	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-07-06 18:33 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-01 11:24 . 2012-07-01 11:24	--------	d-----w-	c:\windows\system32\System32
2012-06-17 21:51 . 2012-06-17 21:51	770384	----a-w-	c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-17 21:51 . 2012-06-17 21:51	421200	----a-w-	c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-13 23:05 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:11 . 2012-04-06 11:14	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-12 18:11 . 2011-05-19 16:33	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2004-08-04 12:00	1866240	----a-w-	c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-08-19 16:07	1372672	------w-	c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-04 12:00	1172480	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00	152576	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-03-02 21:59	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-03-02 21:59	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-03-02 17:50	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-03-02 17:50	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-03-02 17:50	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-03-02 21:59	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-03-02 21:59	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-03-02 17:50	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-03-02 17:50	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-04 12:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-03-02 21:59	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-03-02 17:50	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-03-02 17:50	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2011-03-13 12:48	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-03-13 12:48	214256	----a-w-	c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2011-03-13 12:48	18160	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-28 22:38 . 2012-05-28 22:38	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-05-23 16:50 . 2012-06-05 11:39	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-05-23 16:49 . 2012-05-23 16:49	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-05-23 16:49 . 2012-05-23 16:49	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-05-23 16:49 . 2012-05-23 16:49	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-05-23 16:49 . 2012-05-23 16:49	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-05-23 16:49 . 2012-05-23 16:49	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-05-23 16:49 . 2012-05-23 16:49	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-05-23 16:49 . 2012-05-23 16:49	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-05-23 16:49 . 2012-05-23 16:49	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-05-23 16:49 . 2012-05-23 16:49	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-05-23 16:49 . 2012-05-23 16:49	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-05-23 16:49 . 2012-05-23 16:49	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-05-23 16:49 . 2012-05-23 16:49	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-05-23 16:49 . 2012-05-23 16:49	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-05-23 16:49 . 2012-05-23 16:49	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-05-23 16:49 . 2012-05-23 16:49	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-05-23 16:49 . 2012-05-23 16:49	14336	----a-w-	c:\windows\system32\avrt.dll
2012-05-23 16:49 . 2012-05-23 16:49	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-05-23 16:49 . 2012-05-23 16:49	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-05-23 16:49 . 2012-05-23 16:49	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-05-23 16:49 . 2012-05-23 16:49	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-05-23 16:49 . 2012-05-23 16:49	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2012-05-23 16:49 . 2012-06-05 11:39	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2012-05-23 16:49 . 2012-06-05 11:39	20032	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2012-05-23 16:49 . 2012-06-05 11:39	821824	----a-w-	c:\windows\system32\dgderapi.dll
2012-05-21 02:09 . 2012-06-05 11:40	181432	----a-w-	c:\windows\system32\drivers\ssudobex.sys
2012-05-21 02:09 . 2012-06-05 11:40	80824	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2012-05-21 02:09 . 2012-06-05 11:40	181432	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-05-16 15:07 . 2004-08-04 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2004-08-04 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00	385024	------w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-04 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:50	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-03-02 17:48	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-17 21:51 . 2012-01-28 13:05	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"jswtrayutil"="c:\programme\TP-LINK\QSS\jswtrayutil.exe" [2008-05-12 36949]
"HwBtnDetector"="c:\programme\TP-LINK\QSS\HwBtnDetector.exe" [2008-02-29 28672]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="c:\programme\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Rainer\Startmenü\Programme\Autostart\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33792]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WDDMStatus.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WDSmartWare.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-10 21:46	624248	----a-w-	c:\programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20	57344	----a-w-	c:\programme\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-03 17:33	136176	----atw-	c:\dokumente und einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45	74752	----a-w-	c:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Winamp\\winamp.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Programme\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4444:TCP"= 4444:TCP:FileZilla
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [02.03.2010 21:29 19496]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.07.2012 20:33 654408]
R2 WDDMService;WD SmartWare Drive Manager;c:\programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [13.11.2009 12:28 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.06.2009 09:58 20480]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [02.01.2012 21:17 1756384]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [02.01.2012 19:22 57344]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [06.03.2011 11:59 24960]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [06.03.2011 11:59 118144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.07.2012 20:33 22344]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [20.11.2009 13:15 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [20.11.2009 13:15 137728]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [02.03.2010 23:51 91496]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [03.01.2012 17:52 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06.04.2012 13:14 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02.03.2010 21:28 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [05.06.2012 13:40 80824]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [05.06.2012 13:39 20032]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [03.01.2012 17:52 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\programme\TP-LINK\QSS\jswpsapi.exe [02.01.2012 19:22 356434]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 18:44 113120]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [05.06.2012 13:40 181432]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [05.06.2012 13:40 181432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [04.03.2011 20:03 11520]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:11]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-01-03 15:52]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-01-03 15:52]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-2025429265-725345543-1004Core.job
- c:\dokumente und einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-03-03 17:33]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-2025429265-725345543-1004UA.job
- c:\dokumente und einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-03-03 17:33]
.
2012-07-09 c:\windows\Tasks\switchShakeIcon.job
- c:\programme\NCH Software\Switch\switch.exe [2012-04-08 23:13]
.
2012-07-09 c:\windows\Tasks\WavePadReminder.job
- c:\programme\NCH Software\WavePad\wavepad.exe [2012-04-08 23:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\3eutccku.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zkwette.de/gb.php
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Kalender - c:\programme\Kalender\Kalender.exe
HKCU-Run-KiesHelper - c:\programme\Samsung\Kies\KiesHelper.exe
HKCU-Run-KiesAirMessage - c:\programme\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-BCU - c:\programme\DeviceVM\Browser Configuration Utility\BCU.exe
AddRemove-NVIDIA nView Desktop Manager - c:\programme\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-12 23:04
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-2025429265-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:9c,18,5d,f9,e1,f8,75,d4,0f,71,05,07,98,14,75,3d,24,ea,cc,51,0c,
   3c,10,4d,78,83,72,9a,dc,f6,f0,38,4f,ed,d0,ed,b6,b3,c6,ac,f5,80,b5,59,4f,03,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-12  23:07:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-12 21:07
.
Vor Suchlauf: 12 Verzeichnis(se), 405.217.599.488 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 405.336.199.168 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 14118D572017BC26A4857F97F4446821
--- --- ---


Hallo Arne,
ist damit der Prozess abgeschlossen und ich kann mich ganz herzlich bei Dir bedanken?

Alt 13.07.2012, 12:42   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.07.2012, 00:31   #21
fizze
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-13 21:37:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD5000AAKS-00D2B0 rev.12.01C02
Running: y6zzbrpe[1].exe; Driver: C:\DOKUME~1\Rainer\LOKALE~1\Temp\pxtdqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                         section is writeable [0xB6E8A3A0, 0x59FFE5, 0xE8000020]
.text  C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                           section is writeable [0xB37A6300, 0x3B6D8, 0xE8000020]
.text  C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                           section is writeable [0xB40C5300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Programme\Mozilla Thunderbird\thunderbird.exe[1352] ntdll.dll!LdrLoadDll                                      7C92632D 5 Bytes  JMP 00E9D2FC C:\Programme\Mozilla Thunderbird\xul.dll (Mozilla Foundation)
.text  C:\Programme\Mozilla Thunderbird\thunderbird.exe[1352] kernel32.dll!VirtualAlloc                                 7C809AF1 5 Bytes  JMP 01828D71 C:\Programme\Mozilla Thunderbird\xul.dll (Mozilla Foundation)
.text  C:\Programme\Mozilla Thunderbird\thunderbird.exe[1352] kernel32.dll!MapViewOfFile                                7C80B9A5 5 Bytes  JMP 01828DB7 C:\Programme\Mozilla Thunderbird\xul.dll (Mozilla Foundation)
.text  C:\Programme\Mozilla Thunderbird\thunderbird.exe[1352] GDI32.dll!CreateDIBSection                                77EF9E19 5 Bytes  JMP 01828DDE C:\Programme\Mozilla Thunderbird\xul.dll (Mozilla Foundation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 41269A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!CallNextHookEx                                      7E37B3C6 5 Bytes  JMP 4125D0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] ole32.dll!CoCreateInstance                                     774CF1BC 5 Bytes  JMP 4126DB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2124] ole32.dll!OleLoadFromStream                                    774F983B 5 Bytes  JMP 4136756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 41269A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!CallNextHookEx                                      7E37B3C6 5 Bytes  JMP 4125D0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] ole32.dll!CoCreateInstance                                     774CF1BC 5 Bytes  JMP 4126DB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[2192] ole32.dll!OleLoadFromStream                                    774F983B 5 Bytes  JMP 4136756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2908] ntdll.dll!DbgUiRemoteBreakin                7C9620EC 1 Byte  [C3]
.text  C:\Programme\Mozilla Firefox\firefox.exe[3208] ntdll.dll!LdrLoadDll                                              7C92632D 5 Bytes  JMP 0115FA35 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Programme\Mozilla Firefox\firefox.exe[3208] kernel32.dll!VirtualAlloc                                         7C809AF1 5 Bytes  JMP 014007C5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Programme\Mozilla Firefox\firefox.exe[3208] kernel32.dll!MapViewOfFile                                        7C80B9A5 5 Bytes  JMP 0140079E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Programme\Mozilla Firefox\firefox.exe[3208] GDI32.dll!CreateDIBSection                                        77EF9E19 5 Bytes  JMP 01400728 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 41269A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!CallNextHookEx                                      7E37B3C6 5 Bytes  JMP 4125D0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] ole32.dll!CoCreateInstance                                     774CF1BC 5 Bytes  JMP 4126DB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[3904] ole32.dll!OleLoadFromStream                                    774F983B 5 Bytes  JMP 4136756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Programme\Internet Explorer\iexplore.exe[2124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]  [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT    C:\Programme\Internet Explorer\iexplore.exe[2192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]  [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT    C:\Programme\Internet Explorer\iexplore.exe[3904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]  [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:47:17 on 13.07.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-57989841-2025429265-725345543-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-57989841-2025429265-725345543-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"switchShakeIcon.job" - "NCH Software" - C:\Programme\NCH Software\Switch\switch.exe
"WavePadReminder.job" - "NCH Software" - C:\Programme\NCH Software\WavePad\wavepad.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CTAPI_Control.cpl" - "KOBIL Systems" - C:\WINDOWS\system32\CTAPI_Control.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AppleCharger" (AppleCharger) - ? - C:\WINDOWS\System32\DRIVERS\AppleCharger.sys  (File found, but it contains no detailed information)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\WINDOWS\System32\drivers\dgderdrv.sys
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"gdrv" (gdrv) - ? - C:\WINDOWS\gdrv.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Initio Driver for USB Default Controller" (ivusb) - ? - C:\WINDOWS\System32\DRIVERS\ivusb.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"pxtdqpob" (pxtdqpob) - ? - C:\DOKUME~1\Rainer\LOKALE~1\Temp\pxtdqpob.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "Burn4Freecontext menu" - "Ikysasoft s.r.l. uninominale" - C:\Programme\Burn4Free\B4FM.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{90EFF544-3981-4d46-85C9-C0361D0931D6} "af0.Adblock.BHO" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Rainer\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesPDLR" - ? - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"HwBtnDetector" - ? - C:\Programme\TP-LINK\QSS\HwBtnDetector.exe
"jswtrayutil" - "TP-LINK TECHNOLOGIES CO., LTD." - C:\Programme\TP-LINK\QSS\jswtrayutil.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Kies\KiesTrayAgent.exe
"NUSB3MON" - "NEC Electronics Corporation" - "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"AppleChargerSrv" (AppleChargerSrv) - ? - C:\WINDOWS\System32\AppleChargerSrv.exe  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Programme\TP-LINK\QSS\jswpsapi.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"WD SmartWare Background Service" (WDSmartWareBackgroundService) - "Memeo" - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
"WD SmartWare Drive Manager" (WDDMService) - "WDC" - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-13 21:50:55
-----------------------------
21:50:55.109    OS Version: Windows 5.1.2600 Service Pack 3
21:50:55.109    Number of processors: 8 586 0x1A05
21:50:55.109    ComputerName: CHILLI  UserName: Rainer
21:50:56.156    Initialize success
21:52:01.750    AVAST engine defs: 12071300
21:52:21.828    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:52:21.828    Disk 0 Vendor: WDC_WD5000AAKS-00D2B0 12.01C02 Size: 476940MB BusType: 3
21:52:21.906    Disk 0 MBR read successfully
21:52:21.906    Disk 0 MBR scan
21:52:21.921    Disk 0 Windows XP default MBR code
21:52:21.921    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476929 MB offset 63
21:52:21.968    Disk 0 scanning sectors +976752000
21:52:22.109    Disk 0 scanning C:\WINDOWS\system32\drivers
21:52:44.437    Service scanning
21:52:52.859    Modules scanning
21:53:12.062    Disk 0 trace - called modules:
21:53:12.093    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
21:53:12.093    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a841ab8]
21:53:12.093    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a8d0858]
21:53:12.093    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a8834c8]
21:53:12.921    AVAST engine scan C:\WINDOWS
21:54:07.609    AVAST engine scan C:\WINDOWS\system32
22:00:15.843    AVAST engine scan C:\WINDOWS\system32\drivers
22:01:29.453    AVAST engine scan C:\Dokumente und Einstellungen\Rainer
22:21:28.734    AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:30:10.671    Scan finished successfully
01:29:03.890    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rainer\Eigene Dateien\MBR.dat"
01:29:03.890    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rainer\Eigene Dateien\aswMBR.txt"
01:30:20.203    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rainer\Desktop\MBR.dat"
01:30:20.218    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rainer\Desktop\aswMBR.txt"

Alt 14.07.2012, 13:42   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.07.2012, 16:41   #23
fizze
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rainer :: CHILLI [Administrator]

Schutz: Aktiviert

14.07.2012 15:16:55
mbam-log-2012-07-14 (15-54-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359400
Laufzeit: 34 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Rainer\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/14/2012 at 05:27 PM

Application Version : 5.5.1012

Core Rules Database Version : 8901
Trace Rules Database Version: 6713

Scan type       : Complete Scan
Total Scan Time : 00:54:29

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 535
Memory threats detected   : 0
Registry items scanned    : 35378
Registry threats detected : 0
File items scanned        : 140672
File threats detected     : 1

Trojan.Agent/Gen-KillFiles
	C:\DOKUMENTE UND EINSTELLUNGEN\RAINER\EIGENE DATEIEN\SOFTWARE\YAR-MATEY!_PLAYLIST_COPIER_V1_11.EXE

Alt 14.07.2012, 19:51   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Zitat:
C:\DOKUMENTE UND EINSTELLUNGEN\RAINER\EIGENE DATEIEN\SOFTWARE\YAR-MATEY!_PLAYLIST_COPIER_V1_11.EXE
Was genau soll das sein?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.07.2012, 23:49   #25
fizze
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Yar-Matey ist eine software, die in Winamp eine Zufallsplaylist erstellt, indem sie eine zusätzliche nummer vor die vorher erstellte randomplaylist in winamp stellt. Damit kann dann eine dvd oder cd gebrannt werden und man hat eine scheinbar zufällige Abfolge der mp3s. Ich hoffe, dass ich mich einigermassen verständlich ausgedrückt habe.

Alt 15.07.2012, 16:17   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Dann wird das ein Fehlalarm sein.

Keine Funde!
Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.07.2012, 17:25   #27
fizze
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Ich erhalte nach dem Start folgende Meldung "rundll" c:\Dokumente~\Rainer\Lokale~1\Temp\O_Ou_I.exe fehlt und kann nicht ausgeführt werden.

Ansonsten scheint alles i.O.

Alt 15.07.2012, 18:50   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Kriegen wir auch noch weg!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.07.2012, 19:02   #29
fizze
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Code:
ATTFilter
OTL logfile created on: 15.07.2012 19:54:59 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Rainer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 82,93% Memory free
5,34 Gb Paging File | 4,60 Gb Available in Paging File | 86,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 377,52 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
 
Computer Name: CHILLI | User Name: Rainer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.15 19:53:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rainer\Desktop\OTL.exe
PRC - [2012.07.10 01:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.06.08 13:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008.05.12 09:36:46 | 000,036,949 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Programme\TP-LINK\QSS\jswtrayutil.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.29 15:26:00 | 000,028,672 | ---- | M] () -- C:\Programme\TP-LINK\QSS\HwBtnDetector.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.15 19:44:00 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.07.15 19:44:00 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.07.14 16:02:52 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.07.14 16:02:52 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.07.13 09:25:08 | 000,115,137 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012.06.14 19:16:42 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.14 01:39:33 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.14 01:38:35 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\4b22dad19a03b0a1cf7b70ff29518693\System.Windows.Forms.ni.dll
MOD - [2012.06.14 01:36:31 | 018,017,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5e234618000edb585e4307e30a5eb085\PresentationFramework.ni.dll
MOD - [2012.06.14 01:36:19 | 011,522,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\334f4a2b874af82700a37098b4b27e50\PresentationCore.ni.dll
MOD - [2012.06.14 01:36:11 | 003,879,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\eca1bc38b28d3caf12dc3f6469c2be90\WindowsBase.ni.dll
MOD - [2012.06.14 01:36:08 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\774be62ce5b089eb7118736d63a8b3e0\System.Drawing.ni.dll
MOD - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.06.06 22:46:33 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\54db1da14798f683f534ebbd82f854f2\System.Runtime.Remoting.ni.dll
MOD - [2012.06.06 22:46:14 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\aff6ed56e2b81aadea9fe208e2e50c24\System.Management.ni.dll
MOD - [2012.06.06 22:45:44 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6e2e6c933b6f13a9bcac17c9a8350f83\System.Xaml.ni.dll
MOD - [2012.06.06 21:05:20 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\39dd00c5ddf4cb228aa4fb864d5f410b\PresentationFramework.Luna.ni.dll
MOD - [2012.06.06 21:03:42 | 007,053,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a77b7b58c3a6b12d8e1d4862a5e4707c\System.Core.ni.dll
MOD - [2012.06.06 21:03:39 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\27db9abf05348711baf8ce46589ea251\System.Xml.ni.dll
MOD - [2012.06.06 21:03:36 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\b8c47ff8eba1c63c4b5d50fe571cac5a\System.Configuration.ni.dll
MOD - [2012.06.06 21:03:34 | 009,091,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\d9f2d9f4d4bda48670bdae6555fec6dd\System.ni.dll
MOD - [2012.06.06 21:03:29 | 014,414,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.05.11 00:41:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.11 00:20:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.11 00:18:47 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 00:18:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.02.29 15:26:00 | 000,028,672 | ---- | M] () -- C:\Programme\TP-LINK\QSS\HwBtnDetector.exe
MOD - [2007.05.11 02:31:33 | 000,921,600 | ---- | M] () -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.12 20:11:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.17 23:51:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.04 20:52:21 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2011.03.04 20:29:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.04.16 16:52:18 | 000,356,434 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\TP-LINK\QSS\jswpsapi.exe -- (jswpsapi)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ivusb.sys -- (ivusb)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.23 18:49:30 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudobex.sys -- (ssudobex) SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.03.24 21:38:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.24 21:38:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.28 05:45:30 | 001,756,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010.06.22 00:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010.04.22 16:08:26 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010.03.26 12:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.08 12:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.11.20 13:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.11.20 13:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007.08.28 23:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004.09.29 12:21:48 | 000,024,960 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV - [2004.09.27 08:47:20 | 000,118,144 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KOBCCID.sys -- (KOBCCID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-57989841-2025429265-725345543-1004\..\SearchScopes,DefaultScope = {3D61D3CE-1DCE-4739-9828-E285F6BBDCC1}
IE - HKU\S-1-5-21-57989841-2025429265-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-57989841-2025429265-725345543-1004\..\SearchScopes\{3D61D3CE-1DCE-4739-9828-E285F6BBDCC1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-57989841-2025429265-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-2025429265-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.zkwette.de/gb.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5052 [2011.12.02 19:30:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.17 23:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 11:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.22 01:24:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.04.13 11:57:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5052 [2011.12.02 19:30:31 | 000,000,000 | ---D | M]
 
[2011.03.05 19:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Extensions
[2011.03.03 19:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.15 13:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\3eutccku.default\extensions
[2012.07.15 13:36:46 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\3eutccku.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.02.10 20:25:38 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\3eutccku.default\extensions\piclens@cooliris.com
[2012.03.17 21:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.26 22:23:18 | 000,339,843 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\RAINER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\3EUTCCKU.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.07.06 20:33:43 | 000,743,290 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\RAINER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\3EUTCCKU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.12 17:58:03 | 000,185,600 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\RAINER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\3EUTCCKU.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2012.03.13 19:26:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.03.03 00:38:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.02 19:30:31 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5052
[2012.06.17 23:51:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.13 19:26:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.17 23:51:48 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 23:51:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.17 23:51:48 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 23:51:48 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 23:51:48 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 23:51:48 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Disabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Late Night = C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.12 23:04:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HwBtnDetector] C:\Programme\TP-LINK\QSS\HwBtnDetector.exe ()
O4 - HKLM..\Run: [jswtrayutil] C:\Programme\TP-LINK\QSS\jswtrayutil.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-57989841-2025429265-725345543-1004..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-57989841-2025429265-725345543-1004..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267567107812 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA2B623-A09B-4900-9183-B77E670761B5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "gupdate"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WDDMStatus.lnk - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - (WDC)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WDSmartWare.lnk - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe - (Western Digital)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AF282BDB-573A-11DC-196F-2EA223DBDD13} - Internet Explorer
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E7FB8233-BC4B-1CE8-C719-3085E48063C5} - Browser Customizations
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 19:53:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rainer\Desktop\OTL.exe
[2012.07.15 18:26:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Rainer\Recent
[2012.07.14 16:32:00 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.07.14 16:02:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\SUPERAntiSpyware.com
[2012.07.14 16:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.07.14 16:00:48 | 018,573,280 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Rainer\Desktop\SUPERAntiSpyware.exe
[2012.07.13 21:50:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Rainer\Desktop\aswMBR.exe
[2012.07.12 23:17:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.12 23:02:46 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2012.07.12 22:59:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.07.12 22:57:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.07.12 22:57:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.07.12 22:57:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.07.12 22:57:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.07.12 22:57:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.12 22:57:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2012.07.12 22:57:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
[2012.07.12 22:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.07.12 22:55:52 | 004,576,941 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Rainer\Desktop\ComboFix.exe
[2012.07.12 19:08:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.10 23:33:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.07.06 21:50:44 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.06 20:33:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Malwarebytes
[2012.07.06 20:33:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.06 20:33:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.06 20:33:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.01 13:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\System32
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 19:53:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rainer\Desktop\OTL.exe
[2012.07.15 19:43:53 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.15 19:43:51 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012.07.15 19:43:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.15 18:13:00 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-2025429265-725345543-1004UA.job
[2012.07.15 18:12:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 18:11:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.14 19:13:00 | 000,001,162 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-2025429265-725345543-1004Core.job
[2012.07.14 16:32:03 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.14 16:00:48 | 018,573,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Rainer\Desktop\SUPERAntiSpyware.exe
[2012.07.14 15:14:47 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 12:49:00 | 000,496,216 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.14 12:49:00 | 000,475,980 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.14 12:49:00 | 000,092,230 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.14 12:49:00 | 000,077,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.14 01:29:03 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Eigene Dateien\MBR.dat
[2012.07.13 21:50:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Rainer\Desktop\aswMBR.exe
[2012.07.12 23:04:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.07.12 22:59:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.07.12 22:56:04 | 004,576,941 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Rainer\Desktop\ComboFix.exe
[2012.07.12 20:11:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.12 20:11:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.10 23:35:28 | 001,566,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.10 23:33:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.09 18:08:58 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.09 17:24:32 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2012.07.09 17:24:23 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012.07.07 17:04:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.02 22:49:11 | 000,001,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Startmenü\Programme\Autostart\ctfmon.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.14 16:01:57 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.14 15:14:47 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 01:29:03 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\Eigene Dateien\MBR.dat
[2012.07.12 22:59:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.07.12 22:59:51 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.07.12 22:57:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.07.12 22:57:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.07.12 22:57:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.07.12 22:57:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.07.12 22:57:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.07.02 22:49:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.02 22:49:11 | 000,001,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.06.06 01:19:08 | 000,922,968 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-57989841-2025429265-725345543-1004-0.dat
[2012.06.06 01:19:08 | 000,351,158 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.04.08 23:57:40 | 000,000,434 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.02.16 21:07:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.03.24 21:38:50 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011.03.24 21:38:50 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011.03.06 12:00:27 | 000,000,254 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2011.03.04 20:34:41 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011.03.03 19:48:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.03.02 20:55:49 | 000,021,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.01 16:39:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Adobe
[2012.07.14 14:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\ALFBanCo3
[2011.03.13 11:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Amazon
[2011.03.04 20:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\AVS4YOU
[2011.10.09 19:07:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\BOM
[2012.06.02 15:52:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\EDrawings
[2012.07.02 00:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\FileZilla
[2011.03.20 18:06:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Google
[2010.03.02 19:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Identities
[2011.03.03 19:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Macromedia
[2012.07.06 20:33:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Malwarebytes
[2012.04.28 01:03:05 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Microsoft
[2011.03.05 19:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla
[2012.05.08 23:12:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mp3tag
[2012.07.09 17:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\NCH Software
[2012.06.05 13:42:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung
[2011.03.07 18:20:15 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\SecuROM
[2011.03.10 20:46:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Sun
[2012.07.14 16:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\SUPERAntiSpyware.com
[2011.03.03 19:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Thunderbird
[2011.03.24 21:41:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Ubisoft
[2012.07.01 14:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\uTorrent
[2012.03.25 14:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\vlc
[2011.08.17 17:25:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Weaverslave
[2011.03.04 20:04:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Western Digital
[2011.04.02 21:51:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Winamp
[2011.03.04 20:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.03.06 21:31:39 | 000,172,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\3eutccku.default\FlashGot.exe
[2012.02.06 14:07:28 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\3eutccku.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2012.02.06 14:07:28 | 000,545,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\3eutccku.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2012.05.29 18:17:52 | 000,958,392 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.05.29 18:17:54 | 000,278,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.05.29 18:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012.05.29 18:18:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.05.29 18:18:04 | 000,183,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.05.29 18:18:06 | 000,021,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.05.29 18:18:08 | 003,570,352 | ---- | M] (Freeware) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2012.05.29 18:18:10 | 000,371,128 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.06.08 13:02:14 | 000,371,128 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.03.03 01:02:35 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.03.03 01:02:35 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.03.03 01:02:35 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.03.03 01:02:35 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.03.02 20:42:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.03.02 20:42:13 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.03.02 20:42:13 | 000,462,848 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          Schliesse bitte nun alle Programme. (Wichtig)  >

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 15.07.2012 19:54:59 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Rainer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 82,93% Memory free
5,34 Gb Paging File | 4,60 Gb Available in Paging File | 86,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 377,52 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
 
Computer Name: CHILLI | User Name: Rainer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4444:TCP" = 4444:TCP:*:Enabled:FileZilla
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web -- ()
"C:\Programme\FileZilla FTP Client\filezilla.exe" = C:\Programme\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0422.2
"{3ECA0079-088F-4E69-B66A-65D5E687B092}" = KOBIL Chipkartenterminal Treiber V1.9.4s  Build: 20050209.1 
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{46548E80-0407-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B1A270C-6126-4617-9F2C-CA07889AB4AF}" = QSS-Installationsprogramm
"{7C9C4474-74D6-42F4-A6D3-C9BD5C8871D3}" = Anno 1404
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFC39E22-39C8-4C3E-895D-B9D2B3144E74}" = TP-LINK Wireless Client Utility
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C780F62F-7921-480D-8AD6-3B4F6DEE0610}_is1" = Stereographic Suite 2.0
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAB611A6-6460-4134-92E0-61435FD50018}" = QSS-Installationsprogramm
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe GoLive CS2 Deutsch" = Adobe GoLive CS2 Deutsch
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Alf-BanCo3_is1" = ALF-BanCo 3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AVS Audio Editor_is1" = AVS Audio Editor version 7.0
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 5.3.0.0
"CloneCD" = CloneCD
"Enable S3 for USB Device" = Enable S3 for USB Device
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.5.3
"hp deskjet 970c series" = hp deskjet 970c series (nur entfernen)
"hp deskjet 970c series_Driver" = hp deskjet 970c series
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Switch" = Switch Sound File Converter
"uTorrent" = µTorrent
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2012 12:58:41 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 12.07.2012 13:10:19 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 12.07.2012 17:03:54 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 13.07.2012 03:25:03 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 13.07.2012 12:12:42 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 14.07.2012 06:44:59 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 14.07.2012 09:15:51 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 14.07.2012 18:42:07 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 15.07.2012 07:12:36 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 15.07.2012 13:43:50 | Computer Name = CHILLI | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
[ System Events ]
Error - 10.07.2012 14:41:47 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
   %%2147500037
 
Error - 12.07.2012 13:08:32 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 12.07.2012 13:08:32 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7034
Description = Dienst "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" wurde
 unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 12.07.2012 13:08:32 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 12.07.2012 13:08:32 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7034
Description = Dienst "WD SmartWare Background Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 12.07.2012 13:08:32 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 12.07.2012 13:08:32 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7034
Description = Dienst "WD SmartWare Drive Manager" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 14.07.2012 06:45:04 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
   %%2147500037
 
Error - 14.07.2012 10:31:50 | Computer Name = CHILLI | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_SASKUTIL\0000" wurde ohne vorbereitende Maßnahmen
 vom System entfernt.
 
Error - 14.07.2012 10:32:22 | Computer Name = CHILLI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SASDIFSV" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%183
 
 
< End of report >

Alt 15.07.2012, 20:17   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auf Win XP - Standard

GVU Trojaner auf Win XP


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[2011.12.02 19:30:31 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5052
:Files
C:\WINDOWS\SYSTEM32\5052
C:\WINDOWS\System32\System32
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu GVU Trojaner auf Win XP
compu, computer, datei, erstell, erstellt, extras.txt, falsch, gvu trojaner, gvu trojaner entfernen windows xp, java/exploit.cve-2012-0507.ch, java/exploit.cve-2012-0507.cp, otl.txt, otlpe, pup.bundleinstaller.bi, pup.toolbardownloader, scan, scanne, scannen, spyware.zbot.dg, troja, trojan.agent/gen-killfiles, trojan.ransom.gen, trojaner, win, win xp


« GVU TROJANER mit Webcam | BKA Trojaner System vollständig blockiert »


Zum Thema GVU Trojaner auf Win XP - Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis : Bitte den Virenscanner abstellen bevor du den - GVU Trojaner auf Win XP...
Archiv
Du betrachtest: GVU Trojaner auf Win XP auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131