Bundespolizei-Trojaner mit Windows-Systemwiederherstellung bearbeitet ?

Krifi · 12.09.2012, 18:22

Inhalt der OTL.txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.09.2012 18:39:55 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 427,95 Mb Available Physical Memory | 41,81% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 196,30 Gb Total Space | 173,71 Gb Free Space | 88,49% Space Free | Partition Type: NTFS
Drive D: | 269,46 Gb Total Space | 136,52 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive E: | 149,04 Gb Total Space | 145,07 Gb Free Space | 97,34% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 779,33 Gb Free Space | 83,66% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPH | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.12 18:34:41 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.04 15:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.09.22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- D:\Programme\- Medien\Bilder\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.10.24 04:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- D:\Programme\- Medien\Bilder\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.13 22:16:24 | 000,156,160 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Programme\USBDLM\USBDLM.exe
PRC - [2004.07.20 19:18:54 | 000,090,112 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2009.11.10 11:26:26 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005.01.06 19:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 08:12:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.04 15:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.18 15:14:24 | 001,141,712 | ---- | M] (PC Tools) [Disabled | Stopped] -- D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [Disabled | Stopped] -- D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\Programme\- Medien\Bilder\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008.11.06 13:37:22 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- D:\Programme\- Tools\PC-Diagnose\SiSoft\Sandra Lite (Testversion) 2012\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.04.13 22:16:24 | 000,156,160 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Programme\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.02.21 19:10:00 | 000,061,440 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.02.21 19:09:28 | 000,110,669 | ---- | M] () [Disabled | Stopped] -- D:\Programme\- Medien\Video\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igxpmp32.sys -- (ialm)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HECI.sys -- (HECI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btpmw32.sys -- (BCMTPM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\ArcSec.sys -- (ArcSec)
DRV - [2012.09.12 16:02:01 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.22 08:45:26 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- D:\Programme\- Tools\PC-Diagnose\Hardware Info 32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2011.08.09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011.08.04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011.08.04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Programme\- Tools\Delete\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.09.23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.09.11 07:47:24 | 000,507,408 | R--- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\Programme\- Tools\PC-Diagnose\SiSoft\Sandra Lite (Testversion) 2012\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.06.19 00:00:00 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.12.18 11:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.04.16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.09 16:25:16 | 000,132,736 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007.02.09 16:24:46 | 000,033,632 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007.02.09 16:24:42 | 000,037,864 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007.01.28 18:13:02 | 000,030,784 | ---- | M] (Avanquest Publishing USA, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AutoSave.sys -- (AutoSave)
DRV - [2006.10.20 21:18:52 | 000,243,200 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr70.sys -- (rt70x86)
DRV - [2006.09.12 21:21:46 | 000,292,864 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006.08.21 23:38:46 | 000,007,168 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006.02.21 20:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.05.12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004.01.16 14:02:58 | 000,017,408 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2001.08.17 13:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd.                                               ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\..\SearchScopes\{63E632EA-D548-4C38-892B-2BAC75105F3B}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\- Medien\Musik\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Programme\- Medien\Video\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\- Verbindungen\Mozilla\Firefox\components [2012.09.09 08:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\- Verbindungen\Mozilla\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: D:\Programme\- Verbindungen\Mozilla\Sunbird\components [2012.02.15 09:33:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: D:\Programme\- Verbindungen\Mozilla\Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: D:\Programme\- Verbindungen\Mozilla\Thunderbird\components [2012.08.05 11:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: D:\Programme\- Verbindungen\Mozilla\Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.05.12 16:21:07 | 000,000,000 | ---D | M]
 
[2012.02.15 09:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2011.10.29 23:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.15 09:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.05.03 10:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ds50yqgc.default\extensions
[2012.02.15 09:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Sunbird\Profiles\xkmt236k.default\extensions
 
O1 HOSTS File: ([2011.11.01 09:41:59 | 000,437,963 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15063 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [emMON] C:\WINDOWS\emMON.exe (eMPIA Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] D:\Programme\- Medien\Bilder\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Server4PC.lnk = D:\Programme\- Medien\TV\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343629014934 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D57BF19-713E-4FB9-887C-9E19AED13294}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7D691F-B6F6-4588-B7D7-3AA60BCD98B1}: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B8ED86-23B5-42E1-96EB-0B26CAA4D69E}: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB23303-CFEF-4FE7-B27B-3BC37216F94F}: DhcpNameServer = 192.168.200.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.20 12:31:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.09.04 13:08:14 | 000,000,183 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "ATI Smart"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "sdCoreService"
MsConfig - Services: "sdAuxService"
MsConfig - Services: "Sophos AutoUpdate Service"
MsConfig - Services: "SAVService"
MsConfig - Services: "SAVAdminService"
MsConfig - Services: "SandraAgentSrv"
MsConfig - Services: "iPod Service"
MsConfig - Services: "CyberLink Media Library Service"
MsConfig - Services: "CLSched"
MsConfig - Services: "CLCapSvc"
MsConfig - Services: "BthServ"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoUpdate Monitor.lnk -  - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^phase-6 Reminder.lnk - D:\Programme\- Luca\Lernen\Phase6\phase-6\reminder\reminder.exe - (phase-6)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^User^Startmenü^Programme^Autostart^Microsoft-Indexerstellung.lnk - D:\Programme\Microsoft Office 97\Office\FINDFAST.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^User^Startmenü^Programme^Autostart^Office-Start.lnk - D:\Programme\Microsoft Office 97\Office\OSA.EXE - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AutoSave - hkey= - key= - C:\Programme\Avanquest\AutoSave\AutoSave.exe (Avanquest Publishing USA, Inc.)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= -  File not found
MsConfig - StartUpReg: IFXSPMGT - hkey= - key= -  File not found
MsConfig - StartUpReg: ISTray - hkey= - key= - D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\pctsTray.exe (PC Tools)
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - D:\Programme\- Medien\Video\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - D:\Programme\- Medien\Video\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RSD_HDDThermo - hkey= - key= - D:\Programme\- Tools\Festplatten\HDD Thermometer\HDD Thermometer.exe ()
MsConfig - StartUpReg: SkyTel - hkey= - key= -  File not found
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - D:\Programme\- Tools\Delete\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.12 18:35:01 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2012.09.03 17:13:07 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.09.03 12:51:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent
[2012.08.31 10:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.08.31 10:38:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.31 10:36:01 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.31 10:29:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Revo Uninstaller
[2012.08.30 15:11:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2012.08.30 15:11:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.08.29 12:23:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.08.29 10:48:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java(2)
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 18:50:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FF2BE2C1-382A-498D-BB9B-A00CC06525AD}.job
[2012.09.12 18:34:41 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2012.09.12 16:03:09 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.12 16:02:01 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2012.09.12 16:01:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.12 14:26:31 | 000,008,511 | ---- | M] () -- C:\WINDOWS\User8.xlb
[2012.09.10 09:55:55 | 000,512,399 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\adwcleaner.exe
[2012.09.07 10:15:08 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.05 17:39:16 | 000,000,147 | ---- | M] () -- C:\WINDOWS\KTEL.INI
[2012.09.05 17:07:35 | 000,000,155 | ---- | M] () -- C:\Dokumente und Einstellungen\User\default.pls
[2012.09.05 17:07:31 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.09.03 17:11:20 | 000,492,640 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.03 17:11:20 | 000,473,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.03 17:11:20 | 000,091,154 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.03 17:11:20 | 000,076,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.01 12:29:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.08.31 10:38:49 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 10:36:02 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.31 10:29:05 | 000,000,853 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Revo Uninstaller.lnk
[2012.08.30 21:36:16 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe
[2012.08.29 13:22:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.08.15 14:49:52 | 000,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.10 09:56:29 | 000,512,399 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\adwcleaner.exe
[2012.08.31 10:38:49 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 21:36:39 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe
[2012.06.06 11:42:04 | 000,008,969 | ---- | C] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel
[2012.05.27 08:24:41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012.03.20 21:43:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012.02.29 11:27:13 | 000,000,001 | R--- | C] () -- C:\Dokumente und Einstellungen\User\serverport
[2012.02.15 14:20:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.17 09:28:48 | 000,000,155 | ---- | C] () -- C:\Dokumente und Einstellungen\User\default.pls
[2012.01.16 22:44:42 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.14 12:10:30 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.23 17:42:52 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2011.11.23 17:42:48 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2011.11.23 10:19:43 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011.11.22 13:02:35 | 000,000,278 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2011.11.22 13:02:33 | 000,024,992 | ---- | C] () -- C:\WINDOWS\CTRES.DLL
[2011.11.22 12:24:03 | 011,272,192 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sandra.mdb
[2011.11.22 10:24:28 | 001,456,640 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi
[2011.11.22 10:16:49 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\$_hpcst$.hpc
[2011.11.15 00:03:34 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2011.11.15 00:03:05 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011.11.13 14:24:40 | 000,013,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2011.11.13 14:24:39 | 004,244,992 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2011.11.13 14:24:39 | 000,247,808 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2011.11.13 14:24:39 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2011.11.02 02:12:02 | 004,161,042 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-4174451169-4212436407-2930069656-1003-0.dat
[2011.11.02 01:19:25 | 000,000,147 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2011.10.31 22:23:38 | 000,000,665 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\enigmarc.lua2
[2011.10.29 21:46:51 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2011.10.29 21:46:50 | 000,000,634 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.10.28 16:45:02 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.10.28 16:35:33 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011.10.28 15:47:41 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2011.10.28 15:40:42 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2011.10.22 18:38:46 | 000,219,114 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.07.07 23:37:28 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.01.31 19:02:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.11.13 15:07:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.11.21 12:51:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV
[2012.05.12 16:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2012.02.10 09:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2012.09.12 16:10:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HDD Thermometer
[2011.03.23 16:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Infineon
[2011.11.23 16:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase6
[2011.11.22 13:47:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
[2011.11.21 12:35:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Technisat
[2012.09.12 16:02:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.11.30 16:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.11.15 00:52:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2011.11.21 22:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Luca\Anwendungsdaten\ProtectDisc
[2011.11.15 00:06:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\X10 Commander
[2011.11.23 17:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ACD Systems
[2012.05.16 11:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Amazon
[2011.12.05 11:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\bhv-Edu
[2011.11.22 12:12:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\celeco
[2011.11.30 15:25:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DVDVideoSoft
[2011.10.31 22:23:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Enigma
[2011.11.30 16:15:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\FreeAudioPack
[2011.10.29 07:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\GHISLER
[2012.05.18 15:39:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gtk-2.0
[2011.11.21 10:51:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\HDD Thermometer
[2011.03.23 16:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Infineon
[2011.11.02 01:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\klickTel
[2011.11.23 16:52:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Phase6
[2011.11.21 22:40:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ProtectDisc
[2012.01.18 22:10:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Smart PDF Converter Pro
[2011.10.29 23:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Thunderbird
[2011.12.05 10:58:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\VST0708
[2012.09.12 18:50:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF2BE2C1-382A-498D-BB9B-A00CC06525AD}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.23 17:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ACD Systems
[2011.01.31 13:46:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe
[2012.04.18 16:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Ahead
[2012.05.16 11:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Amazon
[2012.01.14 22:49:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Apple Computer
[2011.12.05 11:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\bhv-Edu
[2011.11.22 12:12:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\celeco
[2011.11.15 00:23:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\CyberLink
[2011.11.30 15:25:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DVDVideoSoft
[2011.10.31 22:23:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Enigma
[2011.11.30 16:15:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\FreeAudioPack
[2011.10.29 07:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\GHISLER
[2011.10.31 22:32:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Google
[2012.05.18 15:39:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gtk-2.0
[2011.11.21 10:51:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\HDD Thermometer
[2011.10.29 21:21:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Help
[2010.03.20 12:37:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Identities
[2011.03.23 16:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Infineon
[2011.10.22 11:26:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\InstallShield
[2011.11.02 01:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\klickTel
[2011.01.31 13:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Macromedia
[2012.08.30 15:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2012.01.18 22:02:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft
[2012.02.15 09:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla
[2012.04.18 15:53:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nero
[2011.11.23 10:16:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PC Tools
[2011.11.23 16:52:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Phase6
[2011.11.21 22:40:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ProtectDisc
[2011.11.23 16:47:11 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\SecuROM
[2012.01.18 22:10:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Smart PDF Converter Pro
[2011.11.29 17:26:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sony Corporation
[2010.03.20 16:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun
[2011.10.29 23:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Thunderbird
[2011.12.01 10:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\vlc
[2011.12.05 10:58:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\VST0708
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\i386\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.03.20 20:20:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.03.20 20:20:12 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.03.20 20:20:12 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
@Alternate Data Stream - 158 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8

< End of report >

--- --- ---
[/code]

cosinus · 12.09.2012, 20:50

Ist das ein Büro-PC/Firmenrechner?

Krifi · 12.09.2012, 23:13

Bis vor 4 Jahren wurde der Rechner privat und gewerblich genutzt, seitdem nur noch privat. Aber die Daten sind schon noch drauf.

cosinus · 13.09.2012, 15:44

Firmenrechner werden hier eigentlich nicht bereinigt - ob du den nur rein privat nutzt lässt sich nicht verifizieren

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Krifi · 13.09.2012, 20:54

Sorry - das war mir so nicht bekannt.
Erst mal richtig lesen wäre sicher besser !!!

Aber trotz allem:
Für Kleinunternehmen (zeitweise bis zu 2 Mitarbeiter, aber weit und breit keine IT-Abteilung !) würdet Ihr ja offenbar evtl. Ausnahmen machen, abgesehen davon, dass das Gewerbe seit 4 Jahren nicht mehr besteht.
Darüber hinaus habe ich keine Bankgeschäfte über den Rechner abgewickelt und außerdem darauf geachtet, das keinerlei persönliche Angaben in den Log-Files stehen.
Allerdings muß ich zugeben, das ich ehrlich gesagt auch nicht nachvollziehen kann, wie Ihr angesichts der gesendeten Log-Files überhaupt auf die Möglichkeit eines Betriebs-Rechners gekommen seid.

Wie dem auch sei:
Heißt das jetzt, das die Hilfe an dieser Stelle eingestellt wird und ich das ganze System neu aufsetzen soll ???

Gruß
Christoph

cosinus · 14.09.2012, 14:05

Zitat:

wie Ihr angesichts der gesendeten Log-Files überhaupt auf die Möglichkeit eines Betriebs-Rechners gekommen seid.

Wir kennen uns mit den Logs schon aus und wissen wie etwas zu interpretieren ist

Ich mach aber natürlich eine Ausnahme

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - !{472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4174451169-4212436407-2930069656-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.20 12:31:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.09.04 13:08:14 | 000,000,183 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
@Alternate Data Stream - 158 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\LHkYIvVc*
D:\RECYCLER\S-1-5-21-4174451169-4212436407-2930069656-1003
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Krifi · 14.09.2012, 23:39

Hallo cosinus
- - - DANKE - - - für´s weitermachen
hatte schon schlimmste Befürchtungen ...

Hier das OTL-Log:

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4174451169-4212436407-2930069656-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
I:\autorun.inf moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache folder moved successfully.
File\Folder C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\LHkYIvVc* not found.
D:\RECYCLER\S-1-5-21-4174451169-4212436407-2930069656-1003\Dd40 folder moved successfully.
D:\RECYCLER\S-1-5-21-4174451169-4212436407-2930069656-1003\Dd251 folder moved successfully.
D:\RECYCLER\S-1-5-21-4174451169-4212436407-2930069656-1003\Dd250 folder moved successfully.
D:\RECYCLER\S-1-5-21-4174451169-4212436407-2930069656-1003\Dd249 folder moved successfully.
D:\RECYCLER\S-1-5-21-4174451169-4212436407-2930069656-1003\Dd169 folder moved successfully.
D:\RECYCLER\S-1-5-21-4174451169-4212436407-2930069656-1003\Dd133 folder moved successfully.
D:\RECYCLER\S-1-5-21-4174451169-4212436407-2930069656-1003 folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\User\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Internet
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 187432 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71201343 bytes
->Flash cache emptied: 506 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes
 
User: Luca
->Temp folder emptied: 32714 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6710871 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65687069 bytes
 
User: User
->Temp folder emptied: 1053563082 bytes
->Temporary Internet Files folder emptied: 7035236 bytes
->Java cache emptied: 56940 bytes
->FireFox cache emptied: 65877316 bytes
->Flash cache emptied: 7607 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2241700 bytes
%systemroot%\System32 .tmp files removed: 2673703 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2109756463 bytes
RecycleBin emptied: 10703309 bytes
 
Total Files Cleaned = 3.239,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09152012_002956

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\WCESLog.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 15.09.2012, 13:28

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Krifi · 16.09.2012, 10:55

TDSS-Killer Log/Report:

Code:

ATTFilter

 11:34:58.0125 0444  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:34:58.0234 0444  ============================================================
11:34:58.0234 0444  Current date / time: 2012/09/16 11:34:58.0234
11:34:58.0234 0444  SystemInfo:
11:34:58.0234 0444  
11:34:58.0234 0444  OS Version: 5.1.2600 ServicePack: 3.0
11:34:58.0234 0444  Product type: Workstation
11:34:58.0234 0444  ComputerName: CHRISTOPH
11:34:58.0234 0444  UserName: User
11:34:58.0234 0444  Windows directory: C:\WINDOWS
11:34:58.0234 0444  System windows directory: C:\WINDOWS
11:34:58.0234 0444  Processor architecture: Intel x86
11:34:58.0234 0444  Number of processors: 2
11:34:58.0234 0444  Page size: 0x1000
11:34:58.0234 0444  Boot type: Normal boot
11:34:58.0234 0444  ============================================================
11:34:59.0500 0444  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:34:59.0500 0444  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:34:59.0515 0444  Drive \Device\Harddisk2\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:35:06.0359 0444  ============================================================
11:35:06.0359 0444  \Device\Harddisk0\DR0:
11:35:06.0359 0444  MBR partitions:
11:35:06.0359 0444  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1889849A
11:35:06.0375 0444  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18898518, BlocksNum 0x21AEC729
11:35:06.0375 0444  \Device\Harddisk1\DR1:
11:35:06.0375 0444  MBR partitions:
11:35:06.0375 0444  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
11:35:06.0375 0444  \Device\Harddisk2\DR5:
11:35:06.0375 0444  MBR partitions:
11:35:06.0375 0444  \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:35:06.0375 0444  ============================================================
11:35:06.0421 0444  C: <-> \Device\Harddisk0\DR0\Partition1
11:35:06.0437 0444  D: <-> \Device\Harddisk0\DR0\Partition2
11:35:06.0453 0444  E: <-> \Device\Harddisk1\DR1\Partition1
11:35:06.0484 0444  I: <-> \Device\Harddisk2\DR5\Partition1
11:35:06.0484 0444  ============================================================
11:35:06.0484 0444  Initialize success
11:35:06.0484 0444  ============================================================
11:47:58.0890 1292  ============================================================
11:47:58.0890 1292  Scan started
11:47:58.0890 1292  Mode: Manual; SigCheck; TDLFS; 
11:47:58.0890 1292  ============================================================
11:48:05.0921 1292  ================ Scan system memory ========================
11:48:05.0937 1292  System memory - ok
11:48:05.0937 1292  ================ Scan services =============================
11:48:06.0015 1292  Abiosdsk - ok
11:48:06.0031 1292  abp480n5 - ok
11:48:06.0062 1292  [ A6FE70357A68AD1E279CD1012419CCE6 ] acedrv11        C:\WINDOWS\system32\drivers\acedrv11.sys
11:48:06.0296 1292  acedrv11 - ok
11:48:06.0359 1292  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:48:07.0093 1292  ACPI - ok
11:48:07.0125 1292  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:48:07.0265 1292  ACPIEC - ok
11:48:07.0281 1292  adpu160m - ok
11:48:07.0296 1292  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:48:07.0437 1292  aec - ok
11:48:07.0468 1292  [ 023867B6606FBABCDD52E089C4A507DA ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:48:07.0484 1292  AegisP ( UnsignedFile.Multi.Generic ) - warning
11:48:07.0484 1292  AegisP - detected UnsignedFile.Multi.Generic (1)
11:48:07.0515 1292  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:48:07.0562 1292  AFD - ok
11:48:07.0562 1292  Aha154x - ok
11:48:07.0562 1292  aic78u2 - ok
11:48:07.0578 1292  aic78xx - ok
11:48:07.0609 1292  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:48:07.0734 1292  Alerter - ok
11:48:07.0765 1292  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
11:48:07.0875 1292  ALG - ok
11:48:07.0890 1292  AliIde - ok
11:48:07.0906 1292  [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM          C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
11:48:07.0984 1292  AmdPPM - ok
11:48:08.0000 1292  amsint - ok
11:48:08.0062 1292  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:48:08.0078 1292  Apple Mobile Device - ok
11:48:08.0125 1292  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:48:08.0296 1292  AppMgmt - ok
11:48:08.0296 1292  ArcSec - ok
11:48:08.0343 1292  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:48:08.0484 1292  Arp1394 - ok
11:48:08.0500 1292  asc - ok
11:48:08.0500 1292  asc3350p - ok
11:48:08.0500 1292  asc3550 - ok
11:48:08.0578 1292  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:48:08.0593 1292  aspnet_state - ok
11:48:08.0625 1292  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:48:08.0750 1292  AsyncMac - ok
11:48:08.0781 1292  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:48:08.0906 1292  atapi - ok
11:48:08.0921 1292  Atdisk - ok
11:48:08.0968 1292  [ BBA22521D24625C7A7B8D57FB20A812E ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:48:09.0093 1292  Ati HotKey Poller - ok
11:48:09.0140 1292  [ 07AC9A98EA70B5A6655A5797174BD282 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:48:09.0250 1292  ati2mtag - ok
11:48:09.0250 1292  AtiHDAudioService - ok
11:48:09.0281 1292  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:48:09.0406 1292  Atmarpc - ok
11:48:09.0437 1292  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:48:09.0562 1292  AudioSrv - ok
11:48:09.0593 1292  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:48:09.0718 1292  audstub - ok
11:48:09.0750 1292  [ C5243DF05D97A32FD65EA6CD8420C7DB ] AutoSave        C:\WINDOWS\system32\drivers\AutoSave.sys
11:48:09.0765 1292  AutoSave - ok
11:48:09.0796 1292  [ 58911390115465BF6D8048F21F48655A ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:48:09.0859 1292  b57w2k - ok
11:48:09.0875 1292  BCMTPM - ok
11:48:09.0890 1292  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:48:10.0031 1292  Beep - ok
11:48:10.0062 1292  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:48:10.0203 1292  BITS - ok
11:48:10.0203 1292  BlueletAudio - ok
11:48:10.0250 1292  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
11:48:10.0281 1292  Bonjour Service - ok
11:48:10.0312 1292  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
11:48:10.0359 1292  Browser - ok
11:48:10.0515 1292  [ 21FA3E51618FF8E2F4B29964ABC5884F ] Browser Defender Update Service D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\BDTUpdateService.exe
11:48:10.0531 1292  Browser Defender Update Service - ok
11:48:10.0531 1292  BT - ok
11:48:10.0546 1292  Btcsrusb - ok
11:48:10.0578 1292  [ B279426E3C0C344893ED78A613A73BDE ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
11:48:10.0703 1292  BthEnum - ok
11:48:10.0703 1292  BTHidEnum - ok
11:48:10.0718 1292  BTHidMgr - ok
11:48:10.0750 1292  [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
11:48:10.0875 1292  BthPan - ok
11:48:10.0906 1292  [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
11:48:10.0984 1292  BTHPORT - ok
11:48:11.0000 1292  [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ         C:\WINDOWS\System32\bthserv.dll
11:48:11.0140 1292  BthServ - ok
11:48:11.0156 1292  [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
11:48:11.0296 1292  BTHUSB - ok
11:48:11.0312 1292  [ 66B71DD7794D3B8A88CCB645896D3E53 ] CardReaderFilter C:\WINDOWS\system32\Drivers\USBCRFT.SYS
11:48:11.0328 1292  CardReaderFilter ( UnsignedFile.Multi.Generic ) - warning
11:48:11.0328 1292  CardReaderFilter - detected UnsignedFile.Multi.Generic (1)
11:48:11.0328 1292  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:48:11.0468 1292  cbidf2k - ok
11:48:11.0500 1292  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:48:11.0609 1292  CCDECODE - ok
11:48:11.0625 1292  cd20xrnt - ok
11:48:11.0640 1292  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:48:11.0765 1292  Cdaudio - ok
11:48:11.0812 1292  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:48:11.0937 1292  Cdfs - ok
11:48:11.0984 1292  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:48:12.0015 1292  Cdrom - ok
11:48:12.0015 1292  Changer - ok
11:48:12.0046 1292  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:48:12.0187 1292  CiSvc - ok
11:48:12.0203 1292  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:48:12.0359 1292  ClipSrv - ok
11:48:12.0375 1292  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:48:12.0421 1292  clr_optimization_v2.0.50727_32 - ok
11:48:12.0453 1292  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:48:12.0468 1292  clr_optimization_v4.0.30319_32 - ok
11:48:12.0640 1292  [ 928114CE92E00948985A1FA36A90CD59 ] CLSched         D:\Programme\- Medien\Video\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
11:48:12.0687 1292  CLSched ( UnsignedFile.Multi.Generic ) - warning
11:48:12.0687 1292  CLSched - detected UnsignedFile.Multi.Generic (1)
11:48:12.0687 1292  CmdIde - ok
11:48:12.0765 1292  [ D7FCADA6833A0E243CA89C03BD559BD9 ] cmudax          C:\WINDOWS\system32\drivers\cmudax.sys
11:48:12.0890 1292  cmudax - ok
11:48:12.0906 1292  COMSysApp - ok
11:48:12.0906 1292  Cpqarray - ok
11:48:12.0937 1292  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:48:13.0078 1292  CryptSvc - ok
11:48:13.0156 1292  [ F2C1040D9AD1850D12D87923F028BD0F ] CyberLink Media Library Service C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
11:48:13.0171 1292  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
11:48:13.0171 1292  CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
11:48:13.0187 1292  dac2w2k - ok
11:48:13.0187 1292  dac960nt - ok
11:48:13.0218 1292  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:48:13.0328 1292  DcomLaunch - ok
11:48:13.0359 1292  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:48:13.0484 1292  Dhcp - ok
11:48:13.0531 1292  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:48:13.0656 1292  Disk - ok
11:48:13.0671 1292  dmadmin - ok
11:48:13.0718 1292  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:48:13.0859 1292  dmboot - ok
11:48:13.0859 1292  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:48:14.0000 1292  dmio - ok
11:48:14.0015 1292  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:48:14.0140 1292  dmload - ok
11:48:14.0171 1292  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:48:14.0296 1292  dmserver - ok
11:48:14.0328 1292  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:48:14.0468 1292  DMusic - ok
11:48:14.0484 1292  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:48:14.0578 1292  Dnscache - ok
11:48:14.0609 1292  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:48:14.0734 1292  Dot3svc - ok
11:48:14.0750 1292  dpti2o - ok
11:48:14.0765 1292  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:48:14.0890 1292  drmkaud - ok
11:48:14.0906 1292  e1express - ok
11:48:14.0937 1292  [ 9309C5C9831203436E64CF2AE605C5D7 ] eamon           C:\WINDOWS\system32\DRIVERS\eamon.sys
11:48:14.0953 1292  eamon - ok
11:48:14.0984 1292  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:48:15.0109 1292  EapHost - ok
11:48:15.0140 1292  [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] ehdrv           C:\WINDOWS\system32\DRIVERS\ehdrv.sys
11:48:15.0171 1292  ehdrv - ok
11:48:15.0250 1292  [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn            C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
11:48:15.0296 1292  ekrn - ok
11:48:15.0312 1292  [ 06C65AC0A703CF8EEA4F284D901A1550 ] epfwtdir        C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
11:48:15.0328 1292  epfwtdir - ok
11:48:15.0343 1292  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:48:15.0484 1292  ERSvc - ok
11:48:15.0515 1292  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
11:48:15.0546 1292  Eventlog - ok
11:48:15.0593 1292  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
11:48:15.0640 1292  EventSystem - ok
11:48:15.0687 1292  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:48:15.0812 1292  Fastfat - ok
11:48:15.0859 1292  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:48:15.0890 1292  FastUserSwitchingCompatibility - ok
11:48:15.0921 1292  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:48:16.0046 1292  Fdc - ok
11:48:16.0078 1292  [ 491318D9061E80949988164EF973B315 ] FET5X86V        C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
11:48:16.0093 1292  FET5X86V ( UnsignedFile.Multi.Generic ) - warning
11:48:16.0093 1292  FET5X86V - detected UnsignedFile.Multi.Generic (1)
11:48:16.0093 1292  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:48:16.0234 1292  Fips - ok
11:48:16.0265 1292  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:48:16.0406 1292  Flpydisk - ok
11:48:16.0437 1292  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:48:16.0562 1292  FltMgr - ok
11:48:16.0609 1292  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:48:16.0625 1292  FontCache3.0.0.0 - ok
11:48:16.0640 1292  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:48:16.0765 1292  Fs_Rec - ok
11:48:16.0765 1292  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:48:16.0906 1292  Ftdisk - ok
11:48:16.0921 1292  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:48:16.0953 1292  GEARAspiWDM - ok
11:48:16.0968 1292  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:48:17.0093 1292  Gpc - ok
11:48:17.0125 1292  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:48:17.0250 1292  HDAudBus - ok
11:48:17.0265 1292  HECI - ok
11:48:17.0343 1292  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:48:17.0468 1292  helpsvc - ok
11:48:17.0484 1292  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:48:17.0609 1292  HidServ - ok
11:48:17.0625 1292  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:48:17.0750 1292  HidUsb - ok
11:48:17.0796 1292  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:48:17.0921 1292  hkmsvc - ok
11:48:17.0953 1292  [ ABC75E510A225FF84FB4D91E117AB8CC ] hotcore3        C:\WINDOWS\system32\drivers\hotcore3.sys
11:48:17.0968 1292  hotcore3 - ok
11:48:17.0984 1292  hpn - ok
11:48:18.0015 1292  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:48:18.0078 1292  HTTP - ok
11:48:18.0093 1292  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:48:18.0234 1292  HTTPFilter - ok
11:48:18.0312 1292  [ 79B69CD1DFBDC48CCAD4B8B6D4048786 ] HWiNFO32        D:\Programme\- Tools\PC-Diagnose\Hardware Info 32\HWiNFO32.SYS
11:48:18.0328 1292  HWiNFO32 - ok
11:48:18.0343 1292  i2omgmt - ok
11:48:18.0343 1292  i2omp - ok
11:48:18.0359 1292  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:48:18.0500 1292  i8042prt - ok
11:48:18.0515 1292  ialm - ok
11:48:18.0546 1292  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:48:18.0578 1292  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:48:18.0578 1292  IDriverT - detected UnsignedFile.Multi.Generic (1)
11:48:18.0625 1292  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:48:18.0687 1292  idsvc - ok
11:48:18.0703 1292  [ 91C5E9F49F32110CED27E2F902FAD607 ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
11:48:18.0750 1292  IFXTPM - ok
11:48:18.0781 1292  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:48:18.0890 1292  Imapi - ok
11:48:18.0937 1292  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:48:19.0078 1292  ImapiService - ok
11:48:19.0078 1292  ini910u - ok
11:48:19.0093 1292  IntcAzAudAddService - ok
11:48:19.0125 1292  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:48:19.0281 1292  IntelIde - ok
11:48:19.0296 1292  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:48:19.0437 1292  intelppm - ok
11:48:19.0453 1292  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:48:19.0593 1292  Ip6Fw - ok
11:48:19.0625 1292  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:48:19.0750 1292  IpFilterDriver - ok
11:48:19.0765 1292  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:48:19.0906 1292  IpInIp - ok
11:48:19.0937 1292  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:48:20.0062 1292  IpNat - ok
11:48:20.0093 1292  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
11:48:20.0156 1292  iPod Service - ok
11:48:20.0187 1292  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:48:20.0312 1292  IPSec - ok
11:48:20.0328 1292  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:48:20.0468 1292  IRENUM - ok
11:48:20.0500 1292  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:48:20.0625 1292  isapnp - ok
11:48:20.0718 1292  [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
11:48:20.0734 1292  JavaQuickStarterService - ok
11:48:20.0781 1292  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:48:20.0890 1292  Kbdclass - ok
11:48:20.0906 1292  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:48:21.0046 1292  kbdhid - ok
11:48:21.0062 1292  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:48:21.0187 1292  kmixer - ok
11:48:21.0203 1292  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:48:21.0265 1292  KSecDD - ok
11:48:21.0296 1292  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:48:21.0343 1292  lanmanserver - ok
11:48:21.0406 1292  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:48:21.0437 1292  lanmanworkstation - ok
11:48:21.0453 1292  lbrtfdc - ok
11:48:21.0484 1292  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:48:21.0625 1292  LmHosts - ok
11:48:21.0640 1292  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:48:21.0781 1292  Messenger - ok
11:48:21.0812 1292  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:48:21.0937 1292  mnmdd - ok
11:48:21.0968 1292  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:48:22.0093 1292  mnmsrvc - ok
11:48:22.0109 1292  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:48:22.0250 1292  Modem - ok
11:48:22.0265 1292  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:48:22.0390 1292  Mouclass - ok
11:48:22.0421 1292  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:48:22.0546 1292  mouhid - ok
11:48:22.0562 1292  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:48:22.0703 1292  MountMgr - ok
11:48:22.0734 1292  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
11:48:22.0765 1292  MozillaMaintenance - ok
11:48:22.0781 1292  [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE             C:\WINDOWS\system32\DRIVERS\MPE.sys
11:48:22.0906 1292  MPE - ok
11:48:22.0906 1292  mraid35x - ok
11:48:22.0921 1292  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:48:23.0046 1292  MRxDAV - ok
11:48:23.0093 1292  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:48:23.0218 1292  MRxSmb - ok
11:48:23.0250 1292  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:48:23.0421 1292  MSDTC - ok
11:48:23.0437 1292  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:48:23.0578 1292  Msfs - ok
11:48:23.0578 1292  MSIServer - ok
11:48:23.0593 1292  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:48:23.0718 1292  MSKSSRV - ok
11:48:23.0734 1292  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:48:23.0843 1292  MSPCLOCK - ok
11:48:23.0859 1292  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:48:23.0984 1292  MSPQM - ok
11:48:24.0015 1292  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:48:24.0140 1292  mssmbios - ok
11:48:24.0156 1292  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:48:24.0296 1292  MSTEE - ok
11:48:24.0328 1292  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:48:24.0390 1292  Mup - ok
11:48:24.0421 1292  [ E1CDF20697D992CF83FF86DD04DF1285 ] mxnic           C:\WINDOWS\system32\DRIVERS\mxnic.sys
11:48:24.0562 1292  mxnic - ok
11:48:24.0578 1292  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:48:24.0718 1292  NABTSFEC - ok
11:48:24.0765 1292  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:48:24.0890 1292  napagent - ok
11:48:24.0968 1292  [ DFE14D63F0F649EE94A9E3442B7C8F2C ] NAUpdate        C:\Programme\Nero\Update\NASvc.exe
11:48:25.0000 1292  NAUpdate - ok
11:48:25.0062 1292  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:48:25.0187 1292  NDIS - ok
11:48:25.0203 1292  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:48:25.0343 1292  NdisIP - ok
11:48:25.0375 1292  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:48:25.0406 1292  NdisTapi - ok
11:48:25.0421 1292  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:48:25.0546 1292  Ndisuio - ok
11:48:25.0546 1292  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:48:25.0671 1292  NdisWan - ok
11:48:25.0703 1292  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:48:25.0750 1292  NDProxy - ok
11:48:25.0765 1292  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:48:25.0890 1292  NetBIOS - ok
11:48:25.0906 1292  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:48:26.0031 1292  NetBT - ok
11:48:26.0062 1292  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:48:26.0203 1292  NetDDE - ok
11:48:26.0203 1292  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:48:26.0328 1292  NetDDEdsdm - ok
11:48:26.0343 1292  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:48:26.0484 1292  Netlogon - ok
11:48:26.0515 1292  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
11:48:26.0640 1292  Netman - ok
11:48:26.0671 1292  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:48:26.0703 1292  NetTcpPortSharing - ok
11:48:26.0734 1292  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:48:26.0843 1292  NIC1394 - ok
11:48:26.0906 1292  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:48:26.0937 1292  Nla - ok
11:48:26.0968 1292  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:48:27.0093 1292  Npfs - ok
11:48:27.0171 1292  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:48:27.0328 1292  Ntfs - ok
11:48:27.0343 1292  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:48:27.0468 1292  NtLmSsp - ok
11:48:27.0515 1292  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:48:27.0656 1292  NtmsSvc - ok
11:48:27.0671 1292  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:48:27.0796 1292  Null - ok
11:48:27.0875 1292  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:48:28.0062 1292  nv - ok
11:48:28.0093 1292  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:48:28.0250 1292  NwlnkFlt - ok
11:48:28.0250 1292  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:48:28.0375 1292  NwlnkFwd - ok
11:48:28.0406 1292  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:48:28.0515 1292  ohci1394 - ok
11:48:28.0562 1292  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:48:28.0578 1292  ose - ok
11:48:28.0750 1292  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:48:28.0921 1292  osppsvc - ok
11:48:28.0953 1292  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:48:29.0078 1292  Parport - ok
11:48:29.0109 1292  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:48:29.0250 1292  PartMgr - ok
11:48:29.0296 1292  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:48:29.0421 1292  ParVdm - ok
11:48:29.0437 1292  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:48:29.0578 1292  PCI - ok
11:48:29.0578 1292  PCIDump - ok
11:48:29.0593 1292  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:48:29.0718 1292  PCIIde - ok
11:48:29.0750 1292  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:48:29.0859 1292  Pcmcia - ok
11:48:29.0875 1292  [ 167B2FEA66DDE6925766D1A81A1AFFC0 ] PCTCore         C:\WINDOWS\system32\drivers\PCTCore.sys
11:48:29.0906 1292  PCTCore - ok
11:48:29.0906 1292  PDCOMP - ok
11:48:29.0906 1292  PDFRAME - ok
11:48:29.0921 1292  PDRELI - ok
11:48:29.0921 1292  PDRFRAME - ok
11:48:29.0921 1292  perc2 - ok
11:48:29.0937 1292  perc2hib - ok
11:48:29.0968 1292  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
11:48:30.0000 1292  PlugPlay - ok
11:48:30.0093 1292  [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider D:\Programme\- Medien\Bilder\Sony\PMB\PMBDeviceInfoProvider.exe
11:48:30.0265 1292  PMBDeviceInfoProvider - ok
11:48:30.0281 1292  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:48:30.0390 1292  PolicyAgent - ok
11:48:30.0421 1292  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:48:30.0546 1292  PptpMiniport - ok
11:48:30.0562 1292  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
11:48:30.0687 1292  Processor - ok
11:48:30.0703 1292  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:48:30.0812 1292  ProtectedStorage - ok
11:48:30.0843 1292  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:48:30.0968 1292  PSched - ok
11:48:30.0968 1292  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:48:31.0109 1292  Ptilink - ok
11:48:31.0109 1292  ql1080 - ok
11:48:31.0125 1292  Ql10wnt - ok
11:48:31.0125 1292  ql12160 - ok
11:48:31.0125 1292  ql1240 - ok
11:48:31.0140 1292  ql1280 - ok
11:48:31.0156 1292  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:48:31.0328 1292  RasAcd - ok
11:48:31.0343 1292  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:48:31.0468 1292  RasAuto - ok
11:48:31.0500 1292  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:48:31.0625 1292  Rasl2tp - ok
11:48:31.0656 1292  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:48:31.0781 1292  RasMan - ok
11:48:31.0796 1292  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:48:31.0921 1292  RasPppoe - ok
11:48:31.0921 1292  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:48:32.0046 1292  Raspti - ok
11:48:32.0093 1292  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:48:32.0218 1292  Rdbss - ok
11:48:32.0234 1292  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:48:32.0375 1292  RDPCDD - ok
11:48:32.0390 1292  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:48:32.0515 1292  rdpdr - ok
11:48:32.0562 1292  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:48:32.0609 1292  RDPWD - ok
11:48:32.0656 1292  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:48:32.0781 1292  RDSessMgr - ok
11:48:32.0781 1292  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:48:32.0906 1292  redbook - ok
11:48:32.0937 1292  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:48:33.0078 1292  RemoteAccess - ok
11:48:33.0109 1292  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:48:33.0281 1292  RemoteRegistry - ok
11:48:33.0312 1292  [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
11:48:33.0437 1292  RFCOMM - ok
11:48:33.0468 1292  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
11:48:33.0593 1292  ROOTMODEM - ok
11:48:33.0609 1292  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:48:33.0750 1292  RpcLocator - ok
11:48:33.0765 1292  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:48:33.0796 1292  RpcSs - ok
11:48:33.0828 1292  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:48:33.0968 1292  RSVP - ok
11:48:34.0015 1292  [ A279E7EB6175DD7AC54768C359C885E4 ] rt70x86         C:\WINDOWS\system32\DRIVERS\netr70.sys
11:48:34.0031 1292  rt70x86 ( UnsignedFile.Multi.Generic ) - warning
11:48:34.0031 1292  rt70x86 - detected UnsignedFile.Multi.Generic (1)
11:48:34.0046 1292  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:48:34.0156 1292  SamSs - ok
11:48:34.0234 1292  [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA          D:\Programme\- Tools\PC-Diagnose\SiSoft\Sandra Lite (Testversion) 2012\WNt500x86\Sandra.sys
11:48:34.0250 1292  SANDRA - ok
11:48:34.0265 1292  [ 15CB4BF35B93B2D26FCE6A58DE8A8A37 ] SandraAgentSrv  D:\Programme\- Tools\PC-Diagnose\SiSoft\Sandra Lite (Testversion) 2012\RpcAgentSrv.exe
11:48:34.0281 1292  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
11:48:34.0281 1292  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
11:48:34.0296 1292  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:48:34.0437 1292  SCardSvr - ok
11:48:34.0484 1292  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:48:34.0609 1292  Schedule - ok
11:48:34.0671 1292  [ EE088B31F5EB673A62E7E0D09B0007B0 ] sdAuxService    D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\pctsAuxs.exe
11:48:34.0718 1292  sdAuxService - ok
11:48:34.0781 1292  [ 747FFE0A5A34C349A363BE97C632B7C4 ] sdCoreService   D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\pctsSvc.exe
11:48:34.0859 1292  sdCoreService - ok
11:48:34.0875 1292  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:48:34.0984 1292  Secdrv - ok
11:48:35.0015 1292  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:48:35.0125 1292  seclogon - ok
11:48:35.0140 1292  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
11:48:35.0265 1292  SENS - ok
11:48:35.0296 1292  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:48:35.0421 1292  serenum - ok
11:48:35.0453 1292  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:48:35.0578 1292  Serial - ok
11:48:35.0625 1292  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:48:35.0750 1292  Sfloppy - ok
11:48:35.0796 1292  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:48:35.0984 1292  SharedAccess - ok
11:48:35.0984 1292  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:48:36.0015 1292  ShellHWDetection - ok
11:48:36.0031 1292  Simbad - ok
11:48:36.0093 1292  [ DDDE67010BF3A40C3331D18ED75A60B2 ] SKYNET          C:\WINDOWS\system32\DRIVERS\SkyNET.SYS
11:48:36.0125 1292  SKYNET - ok
11:48:36.0140 1292  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:48:36.0265 1292  SLIP - ok
11:48:36.0343 1292  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
11:48:36.0359 1292  Sony Ericsson PCCompanion - ok
11:48:36.0359 1292  Sparrow - ok
11:48:36.0406 1292  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:48:36.0515 1292  splitter - ok
11:48:36.0546 1292  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:48:36.0578 1292  Spooler - ok
11:48:36.0625 1292  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:48:36.0750 1292  sr - ok
11:48:36.0781 1292  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:48:36.0921 1292  srservice - ok
11:48:36.0968 1292  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:48:37.0078 1292  Srv - ok
11:48:37.0109 1292  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:48:37.0234 1292  SSDPSRV - ok
11:48:37.0265 1292  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:48:37.0421 1292  stisvc - ok
11:48:37.0437 1292  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:48:37.0562 1292  streamip - ok
11:48:37.0593 1292  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:48:37.0718 1292  swenum - ok
11:48:37.0734 1292  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:48:37.0859 1292  swmidi - ok
11:48:37.0859 1292  SwPrv - ok
11:48:37.0875 1292  symc810 - ok
11:48:37.0875 1292  symc8xx - ok
11:48:37.0890 1292  sym_hi - ok
11:48:37.0890 1292  sym_u3 - ok
11:48:37.0906 1292  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:48:38.0031 1292  sysaudio - ok
11:48:38.0046 1292  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:48:38.0187 1292  SysmonLog - ok
11:48:38.0218 1292  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:48:38.0343 1292  TapiSrv - ok
11:48:38.0390 1292  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:48:38.0421 1292  Tcpip - ok
11:48:38.0453 1292  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:48:38.0578 1292  TDPIPE - ok
11:48:38.0593 1292  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:48:38.0734 1292  TDTCP - ok
11:48:38.0750 1292  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:48:38.0875 1292  TermDD - ok
11:48:38.0890 1292  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:48:39.0031 1292  TermService - ok
11:48:39.0046 1292  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:48:39.0093 1292  Themes - ok
11:48:39.0109 1292  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:48:39.0250 1292  TlntSvr - ok
11:48:39.0250 1292  TosIde - ok
11:48:39.0281 1292  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:48:39.0406 1292  TrkWks - ok
11:48:39.0437 1292  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:48:39.0578 1292  Udfs - ok
11:48:39.0609 1292  [ E5928FA58A91CDA0D003E0A5FE9DEADE ] UimBus          C:\WINDOWS\system32\DRIVERS\UimBus.sys
11:48:39.0625 1292  UimBus - ok
11:48:39.0640 1292  [ B95B7D5ABA6E6BC8AFFE947EFBBFD8D8 ] Uim_IM          C:\WINDOWS\system32\Drivers\Uim_IM.sys
11:48:39.0656 1292  Uim_IM - ok
11:48:39.0671 1292  ultra - ok
11:48:39.0718 1292  [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 D:\Programme\- Tools\Delete\Unlocker\UnlockerDriver5.sys
11:48:39.0734 1292  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
11:48:39.0734 1292  UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
11:48:39.0765 1292  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:48:39.0937 1292  Update - ok
11:48:39.0984 1292  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:48:40.0109 1292  upnphost - ok
11:48:40.0187 1292  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
11:48:40.0312 1292  UPS - ok
11:48:40.0359 1292  [ 68A00F7BD18BC3AF2D98A75142E1C74E ] USB28xxBGA      C:\WINDOWS\system32\DRIVERS\emBDA.sys
11:48:40.0406 1292  USB28xxBGA - ok
11:48:40.0421 1292  [ D52F4FC7788D670A78B2C253717B5330 ] USB28xxOEM      C:\WINDOWS\system32\DRIVERS\emOEM.sys
11:48:40.0453 1292  USB28xxOEM - ok
11:48:40.0468 1292  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
11:48:40.0484 1292  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
11:48:40.0484 1292  USBAAPL - detected UnsignedFile.Multi.Generic (1)
11:48:40.0500 1292  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:48:40.0625 1292  usbccgp - ok
11:48:40.0671 1292  [ 467FA7E811360C7C40E64BB9DDFF9474 ] USBDLM          C:\Programme\USBDLM\USBDLM.exe
11:48:40.0687 1292  USBDLM ( UnsignedFile.Multi.Generic ) - warning
11:48:40.0687 1292  USBDLM - detected UnsignedFile.Multi.Generic (1)
11:48:40.0718 1292  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:48:40.0843 1292  usbehci - ok
11:48:40.0875 1292  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:48:41.0000 1292  usbhub - ok
11:48:41.0031 1292  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:48:41.0171 1292  usbohci - ok
11:48:41.0187 1292  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:48:41.0328 1292  usbscan - ok
11:48:41.0359 1292  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:48:41.0484 1292  USBSTOR - ok
11:48:41.0515 1292  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:48:41.0625 1292  usbuhci - ok
11:48:41.0640 1292  VComm - ok
11:48:41.0640 1292  VcommMgr - ok
11:48:41.0671 1292  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:48:41.0796 1292  VgaSave - ok
11:48:41.0796 1292  ViaIde - ok
11:48:41.0812 1292  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:48:41.0937 1292  VolSnap - ok
11:48:41.0984 1292  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
11:48:42.0109 1292  VSS - ok
11:48:42.0140 1292  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
11:48:42.0281 1292  W32Time - ok
11:48:42.0281 1292  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:48:42.0421 1292  Wanarp - ok
11:48:42.0453 1292  [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
11:48:42.0500 1292  wceusbsh - ok
11:48:42.0500 1292  WDICA - ok
11:48:42.0531 1292  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:48:42.0656 1292  wdmaud - ok
11:48:42.0703 1292  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:48:42.0812 1292  WebClient - ok
11:48:42.0890 1292  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:48:43.0015 1292  winmgmt - ok
11:48:43.0078 1292  [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
11:48:43.0171 1292  WinRM - ok
11:48:43.0203 1292  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:48:43.0265 1292  WmdmPmSN - ok
11:48:43.0312 1292  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:48:43.0406 1292  Wmi - ok
11:48:43.0453 1292  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:48:43.0593 1292  WmiApSrv - ok
11:48:43.0671 1292  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
11:48:43.0718 1292  WMPNetworkSvc - ok
11:48:43.0828 1292  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:48:43.0859 1292  WPFFontCache_v0400 - ok
11:48:43.0890 1292  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:48:44.0015 1292  WS2IFSL - ok
11:48:44.0046 1292  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:48:44.0187 1292  wscsvc - ok
11:48:44.0203 1292  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:48:44.0343 1292  WSTCODEC - ok
11:48:44.0375 1292  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:48:44.0484 1292  wuauserv - ok
11:48:44.0515 1292  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:48:44.0578 1292  WudfPf - ok
11:48:44.0578 1292  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:48:44.0609 1292  WudfRd - ok
11:48:44.0625 1292  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
11:48:44.0656 1292  WudfSvc - ok
11:48:44.0703 1292  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:48:44.0843 1292  WZCSVC - ok
11:48:44.0890 1292  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
11:48:44.0906 1292  x10nets ( UnsignedFile.Multi.Generic ) - warning
11:48:44.0906 1292  x10nets - detected UnsignedFile.Multi.Generic (1)
11:48:44.0921 1292  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:48:45.0062 1292  xmlprov - ok
11:48:45.0093 1292  [ 93692D6B2FCBB63F517642048F5295FB ] XUIF            C:\WINDOWS\system32\Drivers\x10ufx2.sys
11:48:45.0156 1292  XUIF - ok
11:48:45.0187 1292  ================ Scan global ===============================
11:48:45.0218 1292  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:48:45.0234 1292  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:48:45.0250 1292  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:48:45.0265 1292  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:48:45.0265 1292  [Global] - ok
11:48:45.0265 1292  ================ Scan MBR ==================================
11:48:45.0281 1292  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
11:48:46.0140 1292  \Device\Harddisk0\DR0 - ok
11:48:46.0156 1292  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
11:48:46.0203 1292  \Device\Harddisk1\DR1 - ok
11:48:46.0218 1292  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR5
11:48:46.0375 1292  \Device\Harddisk2\DR5 - ok
11:48:46.0375 1292  ================ Scan VBR ==================================
11:48:46.0375 1292  [ 5CFB7160DAF377A565B0AD9309D6D4D6 ] \Device\Harddisk0\DR0\Partition1
11:48:46.0375 1292  \Device\Harddisk0\DR0\Partition1 - ok
11:48:46.0390 1292  [ 1222E22C5A9A5194BEBD708811D217E8 ] \Device\Harddisk0\DR0\Partition2
11:48:46.0390 1292  \Device\Harddisk0\DR0\Partition2 - ok
11:48:46.0390 1292  [ 74D631A89B6E6478D9EB80A737D5F400 ] \Device\Harddisk1\DR1\Partition1
11:48:46.0390 1292  \Device\Harddisk1\DR1\Partition1 - ok
11:48:46.0406 1292  [ 90042306B79CBE48F21F70949F7C26CD ] \Device\Harddisk2\DR5\Partition1
11:48:46.0406 1292  \Device\Harddisk2\DR5\Partition1 - ok
11:48:46.0406 1292  ============================================================
11:48:46.0406 1292  Scan finished
11:48:46.0406 1292  ============================================================
11:48:46.0515 2692  Detected object count: 12
11:48:46.0515 2692  Actual detected object count: 12
11:49:25.0562 2692  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0562 2692  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0562 2692  CardReaderFilter ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0562 2692  CardReaderFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0562 2692  CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0562 2692  CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0562 2692  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0562 2692  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0562 2692  FET5X86V ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0562 2692  FET5X86V ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0562 2692  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0562 2692  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0562 2692  rt70x86 ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0562 2692  rt70x86 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0578 2692  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0578 2692  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0578 2692  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0578 2692  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0578 2692  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0578 2692  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0578 2692  USBDLM ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0578 2692  USBDLM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:25.0578 2692  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:25.0578 2692  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 16.09.2012, 18:30

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Krifi · 17.09.2012, 08:50

So, ComboFix ist fertig.
Vieleicht spielt es keine Rolle, aber nach der Installation der Wiederherstellungskonsole und vor dem eigentlichen Scan kam noch folgende Meldung:

Code:

ATTFilter

TcpipParameters.reg kann nicht exportiert werden: Fehler beim Schreiben auf die Datei. Der Datenträger bzw. das Dateisystem ist möglicherweise beschädigt.

Und jetzt der Combofix Logfile:

Code:

ATTFilter

ComboFix 12-09-16.01 - User 17.09.2012   9:26.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.433 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\User\Anwendungsdaten\ACD Systems\ACDSee\ImageDB.ddf
c:\dokumente und einstellungen\User\WINDOWS
c:\windows\offitems.log
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-17 bis 2012-09-17  ))))))))))))))))))))))))))))))
.
.
2012-09-15 15:02 . 2012-09-15 15:02	--------	d-----w-	c:\programme\iPod
2012-09-15 15:02 . 2012-09-15 15:04	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-14 22:29 . 2012-09-14 22:29	--------	d-----w-	C:\_OTL
2012-09-03 15:13 . 2012-09-03 15:13	--------	d-----w-	c:\programme\Gemeinsame Dateien\Java
2012-09-03 15:12 . 2012-09-03 15:11	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-09-03 15:12 . 2012-09-03 15:11	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-08-30 13:11 . 2012-08-30 13:11	--------	d-----w-	c:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes
2012-08-30 13:11 . 2012-08-30 13:11	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-30 09:15 . 2012-08-30 09:15	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-08-30 08:17 . 2012-08-30 08:55	--------	d-s---w-	c:\dokumente und einstellungen\Administrator
2012-08-30 06:45 . 2012-08-30 06:45	--------	d-----w-	c:\dokumente und einstellungen\Internet\Anwendungsdaten\Sony Corporation
2012-08-29 10:23 . 2012-08-29 10:23	--------	d-----w-	c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-17 05:55 . 2011-10-28 13:47	17408	----a-w-	c:\windows\system32\drivers\USBCRFT.SYS
2012-09-03 15:11 . 2011-01-31 11:25	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-21 11:01 . 2011-11-01 22:16	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2011-11-01 22:16	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-07-31 05:28 . 2012-07-31 05:28	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-31 05:28 . 2011-10-22 09:40	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2004-08-04 12:00	78336	----a-w-	c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-03-20 10:27	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2004-08-04 12:00	1866240	----a-w-	c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2004-08-04 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec
2011-07-14 09:31 . 2011-11-22 08:24	1456640	----a-w-	c:\programme\Gemeinsame Dateien\Falk Navi-Manager.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Dit"="Dit.exe" [2004-07-20 90112]
"PMBVolumeWatcher"="d:\programme\- Medien\Bilder\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"emMON"="emMON.exe" [2006-05-30 61440]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="d:\programme\- Medien\Musik\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Server4PC.lnk - d:\programme\- Medien\TV\TechniSat DVB\bin\Server4PC.exe [2011-11-21 338448]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoUpdate Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^phase-6 Reminder.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\phase-6 Reminder.lnk
backup=c:\windows\pss\phase-6 Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^User^Startmenü^Programme^Autostart^Microsoft-Indexerstellung.lnk]
path=c:\dokumente und einstellungen\User\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk
backup=c:\windows\pss\Microsoft-Indexerstellung.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^User^Startmenü^Programme^Autostart^Office-Start.lnk]
path=c:\dokumente und einstellungen\User\Startmenü\Programme\Autostart\Office-Start.lnk
backup=c:\windows\pss\Office-Start.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51	35768	----a-w-	c:\programme\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSave]
2007-01-27 15:55	587272	----a-w-	c:\programme\Avanquest\AutoSave\AutoSave.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 05:53	110592	----a-w-	c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 13:14	1286608	----a-w-	d:\programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\pctsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-02-21 17:08	118926	------w-	d:\programme\- Medien\Video\Home Cinema\PowerCinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24	32768	----a-w-	d:\programme\- Medien\Video\Home Cinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSD_HDDThermo]
2005-04-01 17:02	215040	----a-w-	d:\programme\- Tools\Festplatten\HDD Thermometer\HDD Thermometer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51	17408	----a-w-	d:\programme\- Tools\Delete\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Sophos AutoUpdate Service"=2 (0x2)
"SAVService"=2 (0x2)
"SAVAdminService"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"iPod Service"=3 (0x3)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"BthServ"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Programme\\- Tools\\PC-Diagnose\\SiSoft\\Sandra Lite (Testversion) 2012\\RpcAgentSrv.exe"=
"d:\\Programme\\- Tools\\PC-Diagnose\\SiSoft\\Sandra Lite (Testversion) 2012\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\Programme\\Microsoft Office 2010\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Dokumente und Einstellungen\\User\\Lokale Einstellungen\\Temp\\jivexviewer\\jre\\bin\\JiveX[dv] light"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Programme\\- Medien\\Musik\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [13.11.2011 14:24 37864]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23.11.2011 10:16 207280]
R1 AutoSave;AutoSave;c:\windows\system32\drivers\AutoSave.sys [13.11.2011 14:24 30784]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 10:06 103112]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\programme\- Tools\PC-Diagnose\Hardware Info 32\HWiNFO32.SYS [22.11.2011 12:29 21624]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.01.2009 20:31 277544]
R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [22.09.2011 12:03 974944]
R2 NAUpdate;Nero Update;c:\programme\Nero\Update\NASvc.exe [04.11.2011 15:40 687400]
R2 USBDLM;USBDLM;c:\programme\USBDLM\USBDLM.exe [20.03.2010 12:52 156160]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12.05.2005 14:39 1287296]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [21.11.2011 12:32 507408]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;d:\programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\BDTUpdateService.exe [23.11.2011 10:19 112592]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\programme\- Medien\Bilder\Sony\PMB\PMBDeviceInfoProvider.exe [24.10.2009 04:18 360224]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [28.10.2011 15:47 17408]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.03.2011 16:12 44800]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [07.05.2012 09:02 114144]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
S3 rt70x86;RT2500 USB Wireless LAN Driver;c:\windows\system32\drivers\netr70.sys [20.10.2006 21:18 243200]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [02.12.2011 15:59 155344]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\programme\- Tools\PC-Diagnose\SiSoft\Sandra Lite (Testversion) 2012\RpcAgentSrv.exe [22.11.2011 12:23 93848]
S4 sdAuxService;PC Tools Auxiliary Service;d:\programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\pctsAuxs.exe [23.11.2011 10:16 365280]
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-09-17 c:\windows\Tasks\User_Feed_Synchronization-{FF2BE2C1-382A-498D-BB9B-A00CC06525AD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - d:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ds50yqgc.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-FreePDF Assistant - c:\programme\FreePDF_XP\fpassist.exe
MSConfigStartUp-IFXSPMGT - c:\programme\Infineon\Security Platform Software\ifxspmgt.exe
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-QuickTime Task - c:\programme\QuickTime\QTTask.exe
MSConfigStartUp-SkyTel - SkyTel.EXE
AddRemove-Sound Blaster AudioPCI 128 - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-17 09:33
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4174451169-4212436407-2930069656-1003\Software\SecuROM\License information*]
"datasecu"=hex:f6,4b,4c,8c,03,cc,9c,99,61,2e,11,a6,fe,57,f8,21,df,b3,db,0f,10,
   aa,4d,c8,eb,2a,e8,45,4d,7a,49,6c,9d,f1,96,68,dd,e5,3a,f6,40,3e,43,84,44,64,\
"rkeysecu"=hex:59,fa,8d,a3,61,d9,4d,88,7d,5d,6f,58,b4,09,bb,c4
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\DNSAPI.dll
.
- - - - - - - > 'lsass.exe'(1132)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
.
Zeit der Fertigstellung: 2012-09-17  09:36:11
ComboFix-quarantined-files.txt  2012-09-17 07:36
.
Vor Suchlauf: 10 Verzeichnis(se), 189.486.186.496 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 189.665.136.640 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 689CAC8E75723AE85E392A07FD7F1388

--- --- ---

cosinus · 17.09.2012, 12:09

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Krifi · 18.09.2012, 09:13

Au Mann - da mach´ ich Euch ja richtig Arbeit ...

Der Reihe nach:

1.) GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-17 18:03:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 HDS725050KLA360 rev.K2AOA60A
Running: l8kb7k5c.exe; Driver: C:\DOKUME~1\User\LOKALE~1\Temp\kwryrpod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwAssignProcessToJobObject [0xED5034B0]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwCreateKey [0xF72BCE22]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwCreateProcess [0xF729DCDC]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwCreateProcessEx [0xF729DECE]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwCreateThread [0xED5037F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwDebugActiveProcess [0xED503AB0]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwDeleteKey [0xF72BD610]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwDeleteValueKey [0xF72BD8C4]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwDuplicateObject [0xED5035D0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwLoadDriver [0xED5038B0]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwOpenKey [0xF72BBB14]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwOpenProcess [0xED503350]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwOpenThread [0xED503410]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwProtectVirtualMemory [0xED503570]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwQueueApcThread [0xED503630]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwRenameKey [0xF72BDD30]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwSetContextThread [0xED503530]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwSetInformationThread [0xED5034F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwSetSecurityObject [0xED503670]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwSetSystemInformation [0xED503870]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwSetValueKey [0xF72BD0E2]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwSuspendProcess [0xED5033B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwSuspendThread [0xED503430]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwSystemDebugControl [0xED503830]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                  ZwTerminateProcess [0xF729D982]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwTerminateThread [0xED503470]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                 ZwWriteVirtualMemory [0xED5035F0]

Code            \??\C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys                                                   pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD0                                                             80504888 12 Bytes  [B0, 33, 50, ED, 30, 34, 50, ...] {MOV AL, 0x33; PUSH EAX; IN EAX, DX; XOR [EAX+EDX*2], DH; IN EAX, DX; XOR [EAX], BH; PUSH EAX; IN EAX, DX}
.reloc          C:\WINDOWS\system32\drivers\acedrv11.sys                                                         section is executable [0xEDED7300, 0x25D4C, 0xE0000060]
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                       Das System kann die angegebene Datei nicht finden. !
?               C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[964] kernel32.dll!SetUnhandledExceptionFilter    7C84495D 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                           eamon.sys (Amon monitor/ESET)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                           AutoSave.SYS (AutoSave file system filter driver for Windows NT/Avanquest Publishing USA, Inc.)

Device          \Driver\BTHUSB \Device\0000008e                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                        epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                           hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                           hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                           hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                           hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \FileSystem\Mup \Device\AutoSave                                                                 AutoSave.SYS (AutoSave file system filter driver for Windows NT/Avanquest Publishing USA, Inc.)
Device          \Driver\BTHUSB \Device\0000008c                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001109e494c0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@\0\0\0\xefa\0\x800A                      0x00 0x00 0x00 0x00 
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001109e494c0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@\0\0\0\xefa\0\x800A                          0x00 0x00 0x00 0x00 

---- EOF - GMER 1.0.15 ----

--- --- ---

2.) OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:33:36 on 18.09.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CplMCDec.cpl" - "MainConcept AG" - C:\WINDOWS\system32\CplMCDec.cpl
"FINDFAST.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\FINDFAST.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"MLCFG32.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\MLCFG32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CplMCDec" - "MainConcept AG" - C:\WINDOWS\System32\CplMCDec.cpl
"CplMCDec_x86" - ? - C:\WINDOWS\SysWOW64\CplMCDec.cpl  (File not found)
"Nero BurnRights 10" - ? - C:\Programme\Nero\Nero 10\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys
"AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys
"ArcSec" (ArcSec) - ? - C:\WINDOWS\System32\drivers\ArcSec.sys  (File not found)
"ATI Function Driver for HD Audio Service" (AtiHDAudioService) - ? - C:\WINDOWS\System32\drivers\AtihdXP3.sys  (File not found)
"AutoSave" (AutoSave) - "Avanquest Publishing USA, Inc." - C:\WINDOWS\system32\drivers\AutoSave.sys
"BCMTPM" (BCMTPM) - ? - C:\WINDOWS\System32\DRIVERS\btpmw32.sys  (File not found)
"Bluetooth Audio Service" (BlueletAudio) - ? - C:\WINDOWS\System32\DRIVERS\blueletaudio.sys  (File not found)
"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\DRIVERS\vbtenum.sys  (File not found)
"Bluetooth HID Manager Service" (BTHidMgr) - ? - C:\WINDOWS\System32\Drivers\BTHidMgr.sys  (File not found)
"Bluetooth PAN Network Adapter" (BT) - ? - C:\WINDOWS\System32\DRIVERS\btnetdrv.sys  (File not found)
"Bluetooth USB For Bluetooth Service" (Btcsrusb) - ? - C:\WINDOWS\System32\Drivers\btcusb.sys  (File not found)
"Bluetooth VComm Manager Service" (VcommMgr) - ? - C:\WINDOWS\System32\Drivers\VcommMgr.sys  (File not found)
"Card Reader Filter" (CardReaderFilter) - "ICSI Technology Ltd." - C:\WINDOWS\system32\Drivers\USBCRFT.SYS
"catchme" (catchme) - ? - C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ehdrv" (ehdrv) - "ESET" - C:\WINDOWS\System32\DRIVERS\ehdrv.sys
"hotcore3" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore3.sys
"HWiNFO32/64 Kernel Driver" (HWiNFO32) - "REALiX(tm)" - D:\Programme\- Tools\PC-Diagnose\Hardware Info 32\HWiNFO32.SYS
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ialm" (ialm) - ? - C:\WINDOWS\System32\DRIVERS\igxpmp32.sys  (File not found)
"Intel(R) Management Engine Interface" (HECI) - ? - C:\WINDOWS\System32\DRIVERS\HECI.sys  (File not found)
"Intel(R) PRO/1000 PCI Express Network Connection Driver" (e1express) - ? - C:\WINDOWS\System32\DRIVERS\e1e5132.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"RT2500 USB Wireless LAN Driver" (rt70x86) - "Ralink Technology Inc." - C:\WINDOWS\System32\DRIVERS\netr70.sys
"SANDRA" (SANDRA) - "SiSoftware" - D:\Programme\- Tools\PC-Diagnose\SiSoft\Sandra Lite (Testversion) 2012\WNt500x86\Sandra.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\WINDOWS\System32\drivers\RtkHDAud.sys  (File not found)
"TechniSat DVB-PC TV Star PCI" (SKYNET) - "TechniSat Digital, S.A." - C:\WINDOWS\System32\DRIVERS\SkyNET.SYS
"UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys
"Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys
"VIA Rhine-Family Fast-Ethernet Adapter Driver Service" (FET5X86V) - "VIA Technologies, Inc.              " - C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys
"Virtual Serial port driver" (VComm) - ? - C:\WINDOWS\System32\DRIVERS\VComm.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - D:\Programme\Microsoft Office 2010\Office14\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" - "ESET" - C:\Programme\ESET\ESET NOD32 Antivirus\shellExt.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - D:\Programme\Microsoft Office 2010\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\- Medien\Musik\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - D:\programme\microsoft office 97\Office\soa800.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office 2010\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Sammelmappen-Teiler" - "Microsoft Corporation" - D:\programme\microsoft office 97\Office\UNBIND.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\Programme\Microsoft Office 2010\Office14\ONFILTER.DLL
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Wcesview.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\NeroShellExt\NeroShellExt.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "NvCpl DesktopContext Class" - ? -   (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "Play on my TV helper" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - D:\Programme\- Tools\Delete\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "PC Tools Browser Guard" - "Threat Expert Ltd." - D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343629014934
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\Programme\Microsoft Office 2010\Office14\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - D:\Programme\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Guard BHO" - "Threat Expert Ltd." - D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\PCTBrowserDefender.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Server4PC.lnk" - "TechniSat Digital, S.A." - D:\Programme\- Medien\TV\TechniSat DVB\bin\Server4PC.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"Dit" - "ICSI Technology Ltd." - Dit.exe
"egui" - "ESET" - "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"iTunesHelper" - "Apple Inc." - "D:\Programme\- Medien\Musik\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"PMBVolumeWatcher" - "Sony Corporation" - D:\Programme\- Medien\Bilder\Sony\PMB\PMBVolumeWatcher.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Browser Defender Update Service" (Browser Defender Update Service) - "Threat Expert Ltd." - D:\Programme\- Tools\Sicherheit\Virenschutz\Spyware Doctor\BDT\BDTUpdateService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"ESET Service" (ekrn) - "ESET" - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Nero Update" (NAUpdate) - "Nero AG" - C:\Programme\Nero\Update\NASvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - D:\Programme\- Medien\Bilder\Sony\PMB\PMBDeviceInfoProvider.exe
"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
"USBDLM" (USBDLM) - "Uwe Sieber - www.uwe-sieber.de" - C:\Programme\USBDLM\USBDLM.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll  (File not found)
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

[/CODE]
--- --- ---

3.) aswMBR Logfile:

Code:

ATTFilter

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 09:38:58
-----------------------------
09:38:58.250    OS Version: Windows 5.1.2600 Service Pack 3
09:38:58.250    Number of processors: 2 586 0x403
09:38:58.250    ComputerName: CHRISTOPH  UserName: User
09:38:59.234    Initialize success
09:40:10.968    AVAST engine defs: 12091400
09:40:31.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
09:40:31.843    Disk 0 Vendor: HDS725050KLA360 K2AOA60A Size: 476940MB BusType: 3
09:40:31.843    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
09:40:31.843    Disk 1 Vendor: WDC_WD1600JD-00HBB0 08.02D08 Size: 152627MB BusType: 3
09:40:31.875    Disk 0 MBR read successfully
09:40:31.875    Disk 0 MBR scan
09:40:31.890    Disk 0 Windows XP default MBR code
09:40:31.890    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       201008 MB offset 63
09:40:31.906    Disk 0 Partition - 00     0F Extended LBA            275928 MB offset 411665625
09:40:31.921    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       275928 MB offset 411665688
09:40:31.921    Disk 0 scanning sectors +976768065
09:40:31.984    Disk 0 scanning C:\WINDOWS\system32\drivers
09:40:43.062    Service scanning
09:41:00.156    Modules scanning
09:41:06.000    Disk 0 trace - called modules:
09:41:06.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
09:41:06.015    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f86ab8]
09:41:06.015    3 CLASSPNP.SYS[f74dbfd7] -> nt!IofCallDriver -> [0x86f54920]
09:41:06.015    5 PCTCore.sys[f72a088f] -> nt!IofCallDriver -> \Device\00000072[0x86f0f1d0]
09:41:06.015    7 ACPI.sys[f7351620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f89d98]
09:41:06.984    AVAST engine scan C:\WINDOWS
09:41:13.062    AVAST engine scan C:\WINDOWS\system32
09:44:01.375    AVAST engine scan C:\WINDOWS\system32\drivers
09:44:27.078    AVAST engine scan C:\Dokumente und Einstellungen\User
09:46:36.875    AVAST engine scan C:\Dokumente und Einstellungen\All Users
09:48:14.109    Scan finished successfully
09:50:37.187    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\User\Desktop\MBR.dat"
09:50:37.203    The log file has been saved successfully to "C:\Dokumente und Einstellungen\User\Desktop\aswMBR.txt"

cosinus · 19.09.2012, 11:25

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Krifi · 22.09.2012, 08:15

So, hat etwas gedauert

1.) Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.20.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: CHRISTOPH [Administrator]

20.09.2012 16:12:37
mbam-log-2012-09-20 (20-35-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 567815
Laufzeit: 3 Stunde(n), 41 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Programme\DVBViewer TE2\update.exe (Spyware.Zbot) -> Keine Aktion durchgeführt.

(Ende)

und 2.) SASW (doch noch was gefunden ?)

Code:

ATTFilter

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/21/2012 at 08:33 PM

Application Version : 5.5.1016

Core Rules Database Version : 9267
Trace Rules Database Version: 7079

Scan type       : Complete Scan
Total Scan Time : 02:31:20

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 521
Memory threats detected   : 0
Registry items scanned    : 36098
Registry threats detected : 0
File items scanned        : 124712
File threats detected     : 37

Trojan.Agent/Gen-Koobface[Bonkers]
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272257.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272258.EXE

Trojan.Agent/Gen-Keylogger
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272259.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272260.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272261.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272262.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272263.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272264.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{393A2C58-15E9-4F21-80EF-E73FBAD11273}\RP373\A0272265.EXE

Adware.Tracking Cookie
	track.adform.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	server.adformdsp.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.adformdsp.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DS50YQGC.DEFAULT\COOKIES.SQLITE ]

12.09.2012, 20:50	#17
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei-Trojaner mit Windows-Systemwiederherstellung bearbeitet ? Ist das ein Büro-PC/Firmenrechner? __________________ __________________

19.09.2012, 11:25	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei-Trojaner mit Windows-Systemwiederherstellung bearbeitet ? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei-Trojaner mit Windows-Systemwiederherstellung bearbeitet ?

Plagegeister aller Art und deren Bekämpfung: Bundespolizei-Trojaner mit Windows-Systemwiederherstellung bearbeitet ?