Webseite kann nicht angezeigt werden

frglaner · 18.09.2012, 20:28

Habe ein Problem, dasss hier augenscheinlich schon diskutiert wurde, Beim Besuch einer schönen Internetseite musste ich einen plötzlichen Abbruch verzeichnen. Beim Neustart taucht nur (zu kurz) der Desktop auf, Task-Manager kommt auch nur kurz. Rechner ist im abgesicherten Modus (mit Netzwerk?) hoch gefahren. Virenscanner (Avast) findet aber nichts...

Was ist zu tun?

OTL schmeißt nur ein Textfile aus:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.9.2012 22:22:20 - Run 4
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,94 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 79,80% Memory free
4,79 Gb Paging File | 4,36 Gb Available in Paging File | 91,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 89,43 Gb Total Space | 74,60 Gb Free Space | 83,42% Space Free | Partition Type: NTFS
 
Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.23 21:06:09 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe
PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.01.16 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.01.16 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.18 10:09:22 | 001,810,944 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091801\algo.dll
MOD - [2012.08.21 09:21:38 | 001,802,240 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12082100\algo.dll
MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.07.30 19:05:28 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
MOD - [2009.04.29 21:07:00 | 000,148,816 | ---- | M] () -- C:\Programme\McAfee\VirusScan Enterprise\vsevntui.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.23 21:06:09 | 000,114,240 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)
SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)
SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\User\LOKALE~1\Temp\fflciuob.sys -- (fflciuob)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)
DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)
DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)
DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)
DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)
DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)
DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)
DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ewe.de/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ewe.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.08.05 11:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions
[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi
[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml
[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
 
O1 HOSTS File: ([2001.08.23 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [uslzggirrwpdthg] C:\WINDOWS\uslzggir.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google
[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.09.18 20:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv
[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.18 21:57:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.18 21:57:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 21:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.18 21:09:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2012.09.18 20:55:12 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:31:21 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.18 20:31:21 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.18 20:31:21 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.18 20:31:21 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.18 20:26:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\WINDOWS\uslzggir.exe
[2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe
[2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\Dokumente und Einstellungen\User\ms.exe
[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:17 | 000,080,896 | ---- | C] () -- C:\WINDOWS\uslzggir.exe
[2012.09.18 19:51:17 | 000,080,896 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe
[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.09.18 19:51:06 | 000,080,896 | ---- | C] () -- C:\Dokumente und Einstellungen\User\ms.exe
[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.09.18 20:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.09.18 19:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv
[2012.04.23 21:06:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab
[2012.04.25 08:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\FinalMediaPlayer
[2012.03.12 17:27:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Synaptics
[2012.09.18 20:55:12 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012.09.18 21:09:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-18 22:38:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MH00
Running: dru1shox.exe; Driver: C:\DOKUME~1\User\LOKALE~1\Temp\fflciuob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwAllocateVirtualMemory [0xA60297C8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwClose [0xA60353B4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwCreateKey [0xA60354AC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwCreateSection [0xA6029BBA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwDeleteKey [0xA6035240]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwDeleteValueKey [0xA6035148]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwDuplicateObject [0xA6034808]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwFreeVirtualMemory [0xA60298AC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwOpenKey [0xA6034CE0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwOpenProcess [0xA603470C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwOpenThread [0xA603478A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwProtectVirtualMemory [0xA6029A2C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwQueryValueKey [0xA6034D7E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwRenameKey [0xA603530E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwRestoreKey [0xA60355E6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwSetValueKey [0xA6034F7C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwTerminateProcess [0xA6029AF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwWriteVirtualMemory [0xA6029962]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwCreateProcessEx [0xA6041966]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwLoadDriver [0xA60418C4]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntoskrnl.exe!ObInsertObject                                                                                            8056DA64 5 Bytes  JMP A6040320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                         8059056D 7 Bytes  JMP A604196A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwLoadDriver                                                                                              805AEDE2 7 Bytes  JMP A60418C8 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                     805E74E6 5 Bytes  JMP A603E806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] ntdll.dll!RtlDosSearchPath_U + 1D1                                 7C9271CA 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] kernel32.dll!GetBinaryTypeW + 80                                   7C868D8C 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] ntdll.dll!RtlDosSearchPath_U + 1D1                                7C9271CA 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] kernel32.dll!SetUnhandledExceptionFilter                          7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] kernel32.dll!GetBinaryTypeW + 80                                  7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!LdrLoadDll                   7C9263C3 5 Bytes  JMP 001501F8 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1     7C9271CA 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!LdrUnloadDll                 7C92738B 5 Bytes  JMP 001503FC 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] kernel32.dll!GetBinaryTypeW + 80       7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!SetServiceObjectSecurity  77E06D81 5 Bytes  JMP 003E1014 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfigA      77E06E69 5 Bytes  JMP 003E0804 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfigW      77E07001 5 Bytes  JMP 003E0A08 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfig2A     77E07101 5 Bytes  JMP 003E0C0C 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfig2W     77E07189 5 Bytes  JMP 003E0E10 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!CreateServiceA            77E07211 5 Bytes  JMP 003E01F8 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!CreateServiceW            77E073A9 5 Bytes  JMP 003E03FC 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!DeleteService             77E074B1 5 Bytes  JMP 003E0600 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWindowsHookExW           7E37820F 5 Bytes  JMP 003F0804 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!UnhookWindowsHookEx         7E37D5F3 5 Bytes  JMP 003F0A08 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWindowsHookExA           7E381211 5 Bytes  JMP 003F0600 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWinEventHook             7E3817F7 5 Bytes  JMP 003F01F8 
.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!UnhookWinEvent              7E3818AC 5 Bytes  JMP 003F03FC 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]          00770002
IAT             C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                00770000
IAT             C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]     [64C8F6D0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]    [64C8F6D0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                 aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                              AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

--- --- ---

schrauber · 19.09.2012, 10:32

Hi,

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die End Nutzer Lizenz.
Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls was schief geht.
Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.

Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

frglaner · 19.09.2012, 16:52

Vielen Dank schon einmal für die schnelle Antwort: Log-Datei anbeiCombofix Logfile:

Code:

ATTFilter

ComboFix 12-09-18.07 - User 19.09.2012  17:47:38.2.4 - x86 DSREPAIR
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3014.2565 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\uslzggir.exe
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\addon.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\amazon_ie.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\bing.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DT.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\facebook_ie.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\google.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\search_here_ie.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\searchhere.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\twitter_ie.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\update.exe
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\yahoo.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\yahoo_ie.ico
c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\youtube_ie.ico
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temporary Internet Files\PMH1D.tmp
c:\dokumente und einstellungen\User\ms.exe
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-19 bis 2012-09-19  ))))))))))))))))))))))))))))))
.
.
2012-09-19 15:43 . 2012-09-19 15:43	--------	d-----w-	C:\avast! sandbox
2012-09-18 17:51 . 2012-09-18 17:51	--------	d-----w-	C:\QUARANTINE
2012-09-18 17:51 . 2012-09-18 17:51	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv
2012-09-18 17:51 . 2012-09-18 17:51	80896	----a-w-	c:\windows\uslzggir.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 17:58 . 2012-04-16 19:54	136672	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-06-02 . 81D2A1B309552DBBB88D1A041CB4A620 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12	121528	----a-w-	c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uslzggirrwpdthg"="c:\windows\uslzggir.exe" [2012-09-18 80896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-04-18 2209064]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]
"QLBController"="c:\programme\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520]
"HPConnectionManager"="c:\programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 636256]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Programme\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.9.2012 20:47 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.9.2012 20:47 21256]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe [21.5.2011 17:52 103992]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [13.5.2011 22:00 317496]
R2 McAfeeEngineService;McAfee Engine Service;c:\programme\McAfee\VirusScan Enterprise\engineserver.exe [25.8.2010 21:07 22816]
R2 NetWatch;NetWatch;c:\programme\Netwatch\NetWatch.exe [12.3.2012 19:58 45056]
R2 WMCoreService;Mobile Broadband Service;c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [21.4.2009 22:13 113664]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [21.12.2010 01:27 174248]
R3 h36wgps;HP  Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [12.3.2012 19:32 87592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.7.2008 11:31 44800]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [15.10.2010 01:29 260864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [8.3.2011 11:25 144984]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [9.2.2011 14:26 23640]
R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [12.3.2012 19:32 122824]
R3 Mbm4mdfl;HP  Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [12.3.2012 19:32 14920]
R3 Mbm4mdm;HP  Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [12.3.2012 19:32 138952]
R3 Mbm4mgmt;HP  Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [12.3.2012 19:32 132808]
R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [12.3.2012 19:32 24904]
R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [12.3.2012 19:32 149960]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [19.10.2010 16:33 41088]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.9.2012 20:47 729752]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12.3.2012 18:33 69192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.4.2012 13:14 253088]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [23.5.2011 12:45 1098296]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12.3.2012 18:33 66536]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 22:50 113120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 11:14]
.
2012-09-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-18 09:12]
.
2012-09-19 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\programme\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-04-23 12:24]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ewe.de/
mStart Page = hxxp://www.ewe.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: ewe.de\gate
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll
AddRemove-DefaultTab - c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-19 17:49
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-19  17:50:15
ComboFix-quarantined-files.txt  2012-09-19 15:50
.
Vor Suchlauf: 12 Verzeichnis(se), 80.407.101.440 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 80.354.152.448 Bytes frei
.
- - End Of File - - 819C873A4ACFD1E7541CF78CE2F2EE47

--- --- ---

Hochfahren ist übrigens nur mit Verzeichniswiederherstellung im abgesicherten Modus möglich.

schrauber · 19.09.2012, 19:05

Hi,

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:

BleepingComputer.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

Folder::
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv

File::
c:\windows\uslzggir.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uslzggirrwpdthg"=-

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
sfcfiles.dll
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Downloade dir bitte Farbar's Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

frglaner · 19.09.2012, 19:46

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-09-18.07 - User 19.09.2012  20:39:47.3.4 - x86 DSREPAIR
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3014.2601 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Eigene Dateien\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\User\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
FILE ::
"c:\windows\uslzggir.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\btn-green.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners-btn.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners1.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners2.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners3.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners4.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\de-flag.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\de-image.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\ie6-7.css
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\jquery.main.js
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\McAfee.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\pays-de.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\steps-de.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\steps-en.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\style.css
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\tabs.png
c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\wait.html
c:\windows\uslzggir.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-19 bis 2012-09-19  ))))))))))))))))))))))))))))))
.
.
2012-09-19 15:43 . 2012-09-19 15:43	--------	d-----w-	C:\avast! sandbox
2012-09-18 17:51 . 2012-09-18 17:51	--------	d-----w-	C:\QUARANTINE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 17:58 . 2012-04-16 19:54	136672	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-06-02 . 81D2A1B309552DBBB88D1A041CB4A620 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12	121528	----a-w-	c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-04-18 2209064]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]
"QLBController"="c:\programme\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520]
"HPConnectionManager"="c:\programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 636256]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Programme\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.9.2012 20:47 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.9.2012 20:47 21256]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe [21.5.2011 17:52 103992]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [13.5.2011 22:00 317496]
R2 McAfeeEngineService;McAfee Engine Service;c:\programme\McAfee\VirusScan Enterprise\engineserver.exe [25.8.2010 21:07 22816]
R2 NetWatch;NetWatch;c:\programme\Netwatch\NetWatch.exe [12.3.2012 19:58 45056]
R2 WMCoreService;Mobile Broadband Service;c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [21.4.2009 22:13 113664]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [21.12.2010 01:27 174248]
R3 h36wgps;HP  Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [12.3.2012 19:32 87592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.7.2008 11:31 44800]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [15.10.2010 01:29 260864]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [9.2.2011 14:26 23640]
R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [12.3.2012 19:32 122824]
R3 Mbm4mdfl;HP  Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [12.3.2012 19:32 14920]
R3 Mbm4mdm;HP  Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [12.3.2012 19:32 138952]
R3 Mbm4mgmt;HP  Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [12.3.2012 19:32 132808]
R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [12.3.2012 19:32 24904]
R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [12.3.2012 19:32 149960]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [19.10.2010 16:33 41088]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.9.2012 20:47 729752]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12.3.2012 18:33 69192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.4.2012 13:14 253088]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [23.5.2011 12:45 1098296]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [8.3.2011 11:25 144984]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12.3.2012 18:33 66536]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 22:50 113120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 11:14]
.
2012-09-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-18 09:12]
.
2012-09-19 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\programme\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-04-23 12:24]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ewe.de/
mStart Page = hxxp://www.ewe.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: ewe.de\gate
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-19 20:41
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1152)
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2012-09-19  20:41:42
ComboFix-quarantined-files.txt  2012-09-19 18:41
ComboFix2.txt  2012-09-19 15:50
.
Vor Suchlauf: 12 Verzeichnis(se), 80.458.518.528 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 80.437.997.568 Bytes frei
.
- - End Of File - - CB4EBA64445E358DDE5B53DD1413760E

--- --- ---

SystemLook 30.07.11 by jpshortstuff
Log created at 20:48 on 19/09/2012 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1571840 bytes [04:07 03/06/2009] [04:29 02/06/2009] 81D2A1B309552DBBB88D1A041CB4A620

-= EOF =-

Farbar Service Scanner Version: 19-09-2012
Ran by User (administrator) on 19-09-2012 at 20:50:56
Running from "C:\Dokumente und Einstellungen\User\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-06-03 06:05] - [2008-04-13 22:52] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-06-03 06:05] - [2008-04-13 22:52] - 0045568 ____A (Microsoft Corporation) 8C9ED3B2834AAE63081AB2DA831C6FE9

C:\WINDOWS\system32\ipnathlp.dll
[2009-06-03 06:06] - [2008-04-13 22:52] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF

C:\WINDOWS\system32\netman.dll
[2009-06-03 06:06] - [2008-04-13 22:52] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-06-03 05:16] - [2008-04-13 22:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\srsvc.dll
[2009-06-03 05:17] - [2008-04-13 22:52] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182

C:\WINDOWS\system32\Drivers\sr.sys
[2009-06-03 05:17] - [2008-04-13 22:32] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F

C:\WINDOWS\system32\wscsvc.dll
[2009-06-03 06:07] - [2008-04-13 22:52] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-06-03 05:16] - [2008-04-13 22:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\wuauserv.dll
[2009-06-03 05:18] - [2008-04-13 22:52] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085

C:\WINDOWS\system32\qmgr.dll
[2009-06-03 05:18] - [2008-04-13 22:52] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1

C:\WINDOWS\system32\es.dll
[2009-06-03 06:05] - [2008-07-07 22:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74

C:\WINDOWS\system32\cryptsvc.dll
[2009-06-03 06:05] - [2008-04-13 22:52] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D

C:\WINDOWS\system32\svchost.exe
[2009-06-03 06:07] - [2008-04-13 22:53] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366

C:\WINDOWS\system32\rpcss.dll
[2009-06-03 06:07] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B

C:\WINDOWS\system32\services.exe
[2009-06-03 06:07] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC

Extra List:
=======
aswTdi(10) Gpc(6) IPSec(4) mfetdik(9) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

Ich hoffe ich hab´s...

schrauber · 19.09.2012, 19:54

Lass bitte Systemlook nochmal laufen, diesmal:

:filefind
sfcfiles.*

frglaner · 19.09.2012, 20:33

SystemLook 30.07.11 by jpshortstuff
Log created at 21:32 on 19/09/2012 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.*"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1571840 bytes [04:07 03/06/2009] [04:29 02/06/2009] 81D2A1B309552DBBB88D1A041CB4A620

-= EOF =-

Gruß
frglaner

schrauber · 19.09.2012, 20:55

geh mal bitte auf virustotal.com und lass folgende datei prüfen:

C:\WINDOWS\system32\sfcfiles.dll

und poste mir den link zum ergebnis.

frglaner · 19.09.2012, 21:11

Findest Du hier

https://www.virustotal.com/file/b17d72bb6d69cd74edced49ad9ae3fa621f2343547426f2a47f736fffdd855f6/analysis/1348085286/

gruß
frglaner

schrauber · 19.09.2012, 21:18

Sieht gut aus

Malwarebytes' Anti-Malware

Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:

Download von Malwarebytes' Anti-Malware

(nach dem scannen auf den Button klicken und Funde löschen lassen!)

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Und ein frisches OTL logfile bitte. Noch Probleme?

frglaner · 19.09.2012, 21:46

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: CNU2023M8L [Administrator]

Schutz: Aktiviert

19.9.2012 22:41:23
mbam-log-2012-09-19 (22-41-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214469
Laufzeit: 2 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\User\Desktop\VLCMediaPlayerSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\FinalMediaPlayer2011Setup.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\3C57D487-BAB0-7891-823C-006C65AD63A5\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\User\ms.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\uslzggir.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0011538.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0011558.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0012750.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.9.2012 23:11:49 - Run 6
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,94 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 76,73% Memory free
4,79 Gb Paging File | 4,21 Gb Available in Paging File | 87,91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 89,43 Gb Total Space | 74,68 Gb Free Space | 83,51% Space Free | Partition Type: NTFS
 
Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.09.18 22:12:27 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe
PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.09.19 11:33:07 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091900\algo.dll
MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll
MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)
SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)
SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)
DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)
DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)
DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)
DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)
DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)
DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)
DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200
IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200"
FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M]
 
[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions
[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com
[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi
[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml
[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml
[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Babylon Search
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
 
O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker
[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker
[2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu
[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager
[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar
[2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon
[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe
[2012.09.19 17:43:11 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung
[2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google
[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 23:14:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012.09.19 23:03:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 23:03:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 22:54:19 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.19 22:54:19 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.19 22:54:19 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.19 22:54:19 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.19 22:50:15 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.19 22:49:56 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2012.09.19 22:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.19 22:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe
[2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg
[2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst
[2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk
[2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js
[2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe
[2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk
[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe
[2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg
[2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst
[2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk
[2012.09.19 22:27:38 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js
[2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk
[2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

< End of report >

--- --- ---
Problemlage kann ich so nicht beurteilen. Hab auch ein bisschen den Überblick verloren.

Gruß

frglaner

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.9.2012 23:11:49 - Run 6
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,94 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 76,73% Memory free
4,79 Gb Paging File | 4,21 Gb Available in Paging File | 87,91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 89,43 Gb Total Space | 74,68 Gb Free Space | 83,51% Space Free | Partition Type: NTFS
 
Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.09.18 22:12:27 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe
PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.09.19 11:33:07 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091900\algo.dll
MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll
MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)
SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)
SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)
DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)
DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)
DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)
DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)
DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)
DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)
DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200
IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200"
FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M]
 
[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions
[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com
[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi
[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml
[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml
[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Babylon Search
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
 
O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker
[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker
[2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu
[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager
[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar
[2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon
[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe
[2012.09.19 17:43:11 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung
[2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google
[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 23:14:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012.09.19 23:03:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 23:03:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 22:54:19 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.19 22:54:19 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.19 22:54:19 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.19 22:54:19 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.19 22:50:15 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.19 22:49:56 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2012.09.19 22:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.19 22:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe
[2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg
[2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst
[2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk
[2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js
[2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe
[2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk
[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe
[2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg
[2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst
[2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk
[2012.09.19 22:27:38 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js
[2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk
[2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

< End of report >

--- --- ---

Problemlage kann ich so nicht beurteilen. Hab auch ein bisschen den Überblick verloren.

Gruß

frglaner

Hallo Schrauber,

Display bleibt jetzt blau nach dem Hochfahren (weißer Bildschirm mit ursprünglichem Eintrag "Webseite kann nicht..." erscheint nicht mehr). Task-Manager kann angesteuert werden. Sonst geht nix...

Gruß
frglaner

schrauber · 20.09.2012, 06:56

Bitte starte mal OTl, setze bei Extra Registrierung den Button auf Benutze Safe List und klick Scan, poste beide Logfiles.

Start > ausführen:

sfc /scannow

frglaner · 20.09.2012, 15:13

Also hier die Logs:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.9.2012 16:04:12 - Run 7
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free
4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS
 
Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe
PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.20 08:28:32 | 001,811,968 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12092000\algo.dll
MOD - [2012.09.19 22:28:30 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091901\algo.dll
MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll
MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)
SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)
SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)
DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)
DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)
DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)
DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)
DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)
DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)
DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200
IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M]
 
[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions
[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com
[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi
[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml
[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml
[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Babylon Search
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
 
O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.6.108.140 212.6.108.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 212.6.108.140 212.6.108.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 23:40:33 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker
[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker
[2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu
[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager
[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar
[2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon
[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe
[2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung
[2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google
[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 16:09:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012.09.20 16:03:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.20 15:53:01 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.20 15:53:01 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.20 15:53:01 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.20 15:53:01 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.20 15:49:00 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.20 15:48:34 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.20 15:48:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2012.09.20 15:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.20 07:15:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe
[2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg
[2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst
[2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk
[2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js
[2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe
[2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk
[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.20 15:48:48 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe
[2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg
[2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst
[2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk
[2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js
[2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk
[2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.9.2012 16:04:12 - Run 7
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free
4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS
 
Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0824C9B-F196-4667-8CE8-3A0B685B0820}" = HP HotKey Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"ESET Online Scanner" = ESET Online Scanner v3
"FilesFrog Update Checker" = FilesFrog Update Checker
"FinalMediaPlayer_is1" = Final Media Player 2011
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ Application Events ]
Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ Application Events ]
Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 20.9.2012 01:16:18 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   aswSnx  aswTdi  mfehidk
 
Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 01:21:37 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst
 "McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%31
 
Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust
 Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%1068
 
Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   aswSnx  aswTdi  mfehidk
 
Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >

--- --- ---

frglaner · 20.09.2012, 15:14

Also hier die Logs:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.9.2012 16:04:12 - Run 7
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free
4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS
 
Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe
PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.20 08:28:32 | 001,811,968 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12092000\algo.dll
MOD - [2012.09.19 22:28:30 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091901\algo.dll
MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll
MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)
SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)
SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)
DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)
DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)
DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)
DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)
DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)
DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)
DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200
IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M]
 
[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions
[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com
[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi
[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml
[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml
[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Babylon Search
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
 
O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.6.108.140 212.6.108.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 212.6.108.140 212.6.108.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 23:40:33 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker
[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker
[2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu
[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager
[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar
[2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon
[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe
[2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung
[2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google
[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 16:09:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012.09.20 16:03:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.20 15:53:01 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.20 15:53:01 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.20 15:53:01 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.20 15:53:01 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.20 15:49:00 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.20 15:48:34 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.20 15:48:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2012.09.20 15:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.20 07:15:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe
[2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg
[2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst
[2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk
[2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js
[2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe
[2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk
[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.20 15:48:48 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe
[2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg
[2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst
[2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk
[2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js
[2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk
[2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf
[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.9.2012 16:04:12 - Run 7
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free
4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS
 
Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0824C9B-F196-4667-8CE8-3A0B685B0820}" = HP HotKey Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"ESET Online Scanner" = ESET Online Scanner v3
"FilesFrog Update Checker" = FilesFrog Update Checker
"FinalMediaPlayer_is1" = Final Media Player 2011
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ Application Events ]
Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ Application Events ]
Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 20.9.2012 01:16:18 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   aswSnx  aswTdi  mfehidk
 
Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 01:21:37 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst
 "McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%31
 
Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust
 Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%1068
 
Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   aswSnx  aswTdi  mfehidk
 
Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >

--- --- ---
Warum das immer zwei Mal kommt ist mir schleierhaft...

sfc /scannow ausgeführt mit nicht nachvollziehbarem Ergebnis. ?

Gruß

frglaner

schrauber · 20.09.2012, 15:52

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

19.09.2012, 19:54	#6
schrauber /// the machine /// TB-Ausbilder	Webseite kann nicht angezeigt werden Lass bitte Systemlook nochmal laufen, diesmal: :filefind sfcfiles.* __________________ --> Webseite kann nicht angezeigt werden

19.09.2012, 20:55	#8
schrauber /// the machine /// TB-Ausbilder	Webseite kann nicht angezeigt werden geh mal bitte auf virustotal.com und lass folgende datei prüfen: C:\WINDOWS\system32\sfcfiles.dll und poste mir den link zum ergebnis. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

20.09.2012, 06:56	#12
schrauber /// the machine /// TB-Ausbilder	Webseite kann nicht angezeigt werden Bitte starte mal OTl, setze bei Extra Registrierung den Button auf Benutze Safe List und klick Scan, poste beide Logfiles. Start > ausführen: sfc /scannow __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Webseite kann nicht angezeigt werden

Plagegeister aller Art und deren Bekämpfung: Webseite kann nicht angezeigt werden