|
Plagegeister aller Art und deren Bekämpfung: Webseite kann nicht angezeigt werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.09.2012, 20:28 | #1 |
| Webseite kann nicht angezeigt werden Habe ein Problem, dasss hier augenscheinlich schon diskutiert wurde, Beim Besuch einer schönen Internetseite musste ich einen plötzlichen Abbruch verzeichnen. Beim Neustart taucht nur (zu kurz) der Desktop auf, Task-Manager kommt auch nur kurz. Rechner ist im abgesicherten Modus (mit Netzwerk?) hoch gefahren. Virenscanner (Avast) findet aber nichts... Was ist zu tun? OTL schmeißt nur ein Textfile aus:OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.9.2012 22:22:20 - Run 4 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy 2,94 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 79,80% Memory free 4,79 Gb Paging File | 4,36 Gb Available in Paging File | 91,12% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 89,43 Gb Total Space | 74,60 Gb Free Space | 83,42% Space Free | Partition Type: NTFS Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator. Cannot determine boot mode. | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.04.23 21:06:09 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.01.16 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2009.01.16 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.09.18 10:09:22 | 001,810,944 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091801\algo.dll MOD - [2012.08.21 09:21:38 | 001,802,240 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12082100\algo.dll MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.07.30 19:05:28 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll MOD - [2009.04.29 21:07:00 | 000,148,816 | ---- | M] () -- C:\Programme\McAfee\VirusScan Enterprise\vsevntui.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.23 21:06:09 | 000,114,240 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate) SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService) SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch) SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield) SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService) SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\User\LOKALE~1\Temp\fflciuob.sys -- (fflciuob) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps) DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn) DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm) DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt) DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5) DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus) DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl) DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci) DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress) DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ewe.de/ IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ewe.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2012.08.05 11:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions [2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi [2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml [2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ O1 HOSTS File: ([2001.08.23 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [uslzggirrwpdthg] C:\WINDOWS\uslzggir.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\laucher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google [2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.09.18 20:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE [2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv [2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.18 21:57:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.18 21:57:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 21:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.18 21:09:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job [2012.09.18 20:55:12 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:31:21 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.18 20:31:21 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.18 20:31:21 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.18 20:31:21 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.18 20:26:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\WINDOWS\uslzggir.exe [2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe [2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\Dokumente und Einstellungen\User\ms.exe [2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:17 | 000,080,896 | ---- | C] () -- C:\WINDOWS\uslzggir.exe [2012.09.18 19:51:17 | 000,080,896 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe [2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.09.18 19:51:06 | 000,080,896 | ---- | C] () -- C:\Dokumente und Einstellungen\User\ms.exe [2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini ========== LOP Check ========== [2012.09.18 20:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.09.18 19:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv [2012.04.23 21:06:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab [2012.04.25 08:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\FinalMediaPlayer [2012.03.12 17:27:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Synaptics [2012.09.18 20:55:12 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job [2012.09.18 21:09:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job ========== Purity Check ========== < End of report > GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover Rootkit scan 2012-09-18 22:38:57 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MH00 Running: dru1shox.exe; Driver: C:\DOKUME~1\User\LOKALE~1\Temp\fflciuob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA60297C8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA60353B4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA60354AC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA6029BBA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA6035240] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA6035148] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA6034808] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA60298AC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA6034CE0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA603470C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA603478A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA6029A2C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA6034D7E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA603530E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA60355E6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA6034F7C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA6029AF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA6029962] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA6041966] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA60418C4] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A6040320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP A604196A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwLoadDriver 805AEDE2 7 Bytes JMP A60418C8 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E74E6 5 Bytes JMP A603E806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271CA 1 Byte [62] .text C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271CA 1 Byte [62] .text C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 001501F8 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271CA 1 Byte [62] .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 001503FC .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003E1014 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003E0804 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003E0A08 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003E0C0C .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003E0E10 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003E01F8 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003E03FC .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003E0600 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00770002 IAT C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00770000 IAT C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software) ---- EOF - GMER 1.0.15 ---- Geändert von frglaner (18.09.2012 um 21:24 Uhr) |
19.09.2012, 10:32 | #2 |
/// the machine /// TB-Ausbilder | Webseite kann nicht angezeigt werden Hi,
__________________Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________ |
19.09.2012, 16:52 | #3 |
| Webseite kann nicht angezeigt werden Vielen Dank schon einmal für die schnelle Antwort: Log-Datei anbeiCombofix Logfile:
__________________Code:
ATTFilter ComboFix 12-09-18.07 - User 19.09.2012 17:47:38.2.4 - x86 DSREPAIR Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3014.2565 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\dokumente und einstellungen\All Users\Anwendungsdaten\uslzggir.exe c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\addon.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\amazon_ie.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\bing.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabStart.exe c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabWrap.dll c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DT.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\facebook_ie.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\google.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\search_here_ie.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\searchhere.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\twitter_ie.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\update.exe c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\wikipedia_ie.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\yahoo.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\yahoo_ie.ico c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\youtube_ie.ico c:\dokumente und einstellungen\User\Lokale Einstellungen\Temporary Internet Files\PMH1D.tmp c:\dokumente und einstellungen\User\ms.exe c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_DefaultTabUpdate -------\Legacy_DefaultTabUpdate -------\Service_DefaultTabUpdate -------\Service_DefaultTabUpdate . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-19 bis 2012-09-19 )))))))))))))))))))))))))))))) . . 2012-09-19 15:43 . 2012-09-19 15:43 -------- d-----w- C:\avast! sandbox 2012-09-18 17:51 . 2012-09-18 17:51 -------- d-----w- C:\QUARANTINE 2012-09-18 17:51 . 2012-09-18 17:51 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv 2012-09-18 17:51 . 2012-09-18 17:51 80896 ----a-w- c:\windows\uslzggir.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-05 17:58 . 2012-04-16 19:54 136672 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-06-02 . 81D2A1B309552DBBB88D1A041CB4A620 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:12 121528 ----a-w- c:\programme\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uslzggirrwpdthg"="c:\windows\uslzggir.exe" [2012-09-18 80896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-04-18 2209064] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512] "ShStatEXE"="c:\programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224] "QLBController"="c:\programme\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520] "HPConnectionManager"="c:\programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992] "avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 636256] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Programme\\FinalMediaPlayer\\FMPCheckForUpdates.exe"= . R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.9.2012 20:47 355632] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.9.2012 20:47 21256] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe [21.5.2011 17:52 103992] R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [13.5.2011 22:00 317496] R2 McAfeeEngineService;McAfee Engine Service;c:\programme\McAfee\VirusScan Enterprise\engineserver.exe [25.8.2010 21:07 22816] R2 NetWatch;NetWatch;c:\programme\Netwatch\NetWatch.exe [12.3.2012 19:58 45056] R2 WMCoreService;Mobile Broadband Service;c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?] R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [21.4.2009 22:13 113664] R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [21.12.2010 01:27 174248] R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [12.3.2012 19:32 87592] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.7.2008 11:31 44800] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [15.10.2010 01:29 260864] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [8.3.2011 11:25 144984] R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [9.2.2011 14:26 23640] R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [12.3.2012 19:32 122824] R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [12.3.2012 19:32 14920] R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [12.3.2012 19:32 138952] R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [12.3.2012 19:32 132808] R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [12.3.2012 19:32 24904] R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [12.3.2012 19:32 149960] R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [19.10.2010 16:33 41088] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.9.2012 20:47 729752] S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12.3.2012 18:33 69192] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.4.2012 13:14 253088] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176] S3 hpCMSrv;HP Connection Manager 4 Service;c:\programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [23.5.2011 12:45 1098296] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12.3.2012 18:33 66536] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 22:50 113120] . Inhalt des "geplante Tasks" Ordners . 2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 11:14] . 2012-09-19 c:\windows\Tasks\avast! Emergency Update.job - c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-18 09:12] . 2012-09-19 c:\windows\Tasks\Final Media Player Update Checker.job - c:\programme\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-04-23 12:24] . 2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47] . 2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.ewe.de/ mStart Page = hxxp://www.ewe.de/ IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: ewe.de\gate TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll AddRemove-DefaultTab - c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe AddRemove-LSI Soft Modem - c:\windows\agrsmdel . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-09-19 17:49 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-09-19 17:50:15 ComboFix-quarantined-files.txt 2012-09-19 15:50 . Vor Suchlauf: 12 Verzeichnis(se), 80.407.101.440 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 80.354.152.448 Bytes frei . - - End Of File - - 819C873A4ACFD1E7541CF78CE2F2EE47 Hochfahren ist übrigens nur mit Verzeichniswiederherstellung im abgesicherten Modus möglich. Geändert von frglaner (19.09.2012 um 17:04 Uhr) |
19.09.2012, 19:05 | #4 |
/// the machine /// TB-Ausbilder | Webseite kann nicht angezeigt werden Hi, Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter: BleepingComputer.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter Folder:: c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv File:: c:\windows\uslzggir.exe Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uslzggirrwpdthg"=- Wichtig:
Scan mit SystemLook Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. Download Mirror #1 - Download Mirror #2
Downloade dir bitte Farbar's Service Scanner
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.09.2012, 19:46 | #5 |
| Webseite kann nicht angezeigt werden Combofix Logfile: Code:
ATTFilter ComboFix 12-09-18.07 - User 19.09.2012 20:39:47.3.4 - x86 DSREPAIR Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3014.2601 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\User\Eigene Dateien\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\User\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . FILE :: "c:\windows\uslzggir.exe" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\btn-green.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners-btn.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners1.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners2.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners3.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners4.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\de-flag.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\de-image.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\ie6-7.css c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\jquery.main.js c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\McAfee.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\pays-de.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\steps-de.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\steps-en.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\style.css c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\tabs.png c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\wait.html c:\windows\uslzggir.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-19 bis 2012-09-19 )))))))))))))))))))))))))))))) . . 2012-09-19 15:43 . 2012-09-19 15:43 -------- d-----w- C:\avast! sandbox 2012-09-18 17:51 . 2012-09-18 17:51 -------- d-----w- C:\QUARANTINE . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-05 17:58 . 2012-04-16 19:54 136672 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-06-02 . 81D2A1B309552DBBB88D1A041CB4A620 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:12 121528 ----a-w- c:\programme\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-04-18 2209064] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512] "ShStatEXE"="c:\programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224] "QLBController"="c:\programme\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520] "HPConnectionManager"="c:\programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992] "avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 636256] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Programme\\FinalMediaPlayer\\FMPCheckForUpdates.exe"= . R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.9.2012 20:47 355632] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.9.2012 20:47 21256] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe [21.5.2011 17:52 103992] R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [13.5.2011 22:00 317496] R2 McAfeeEngineService;McAfee Engine Service;c:\programme\McAfee\VirusScan Enterprise\engineserver.exe [25.8.2010 21:07 22816] R2 NetWatch;NetWatch;c:\programme\Netwatch\NetWatch.exe [12.3.2012 19:58 45056] R2 WMCoreService;Mobile Broadband Service;c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?] R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [21.4.2009 22:13 113664] R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [21.12.2010 01:27 174248] R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [12.3.2012 19:32 87592] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.7.2008 11:31 44800] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [15.10.2010 01:29 260864] R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [9.2.2011 14:26 23640] R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [12.3.2012 19:32 122824] R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [12.3.2012 19:32 14920] R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [12.3.2012 19:32 138952] R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [12.3.2012 19:32 132808] R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [12.3.2012 19:32 24904] R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [12.3.2012 19:32 149960] R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [19.10.2010 16:33 41088] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.9.2012 20:47 729752] S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12.3.2012 18:33 69192] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.4.2012 13:14 253088] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176] S3 hpCMSrv;HP Connection Manager 4 Service;c:\programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [23.5.2011 12:45 1098296] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [8.3.2011 11:25 144984] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12.3.2012 18:33 66536] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 22:50 113120] . Inhalt des "geplante Tasks" Ordners . 2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 11:14] . 2012-09-19 c:\windows\Tasks\avast! Emergency Update.job - c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-18 09:12] . 2012-09-19 c:\windows\Tasks\Final Media Player Update Checker.job - c:\programme\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-04-23 12:24] . 2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47] . 2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.ewe.de/ mStart Page = hxxp://www.ewe.de/ IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: ewe.de\gate TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-19 20:41 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1152) c:\windows\system32\igfxdev.dll . Zeit der Fertigstellung: 2012-09-19 20:41:42 ComboFix-quarantined-files.txt 2012-09-19 18:41 ComboFix2.txt 2012-09-19 15:50 . Vor Suchlauf: 12 Verzeichnis(se), 80.458.518.528 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 80.437.997.568 Bytes frei . - - End Of File - - CB4EBA64445E358DDE5B53DD1413760E SystemLook 30.07.11 by jpshortstuff Log created at 20:48 on 19/09/2012 by User Administrator - Elevation successful ========== filefind ========== Searching for "sfcfiles.dll" C:\WINDOWS\system32\sfcfiles.dll --a---- 1571840 bytes [04:07 03/06/2009] [04:29 02/06/2009] 81D2A1B309552DBBB88D1A041CB4A620 -= EOF =- Farbar Service Scanner Version: 19-09-2012 Ran by User (administrator) on 19-09-2012 at 20:50:56 Running from "C:\Dokumente und Einstellungen\User\Desktop" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll [2009-06-03 06:05] - [2008-04-13 22:52] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360 C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll [2009-06-03 06:05] - [2008-04-13 22:52] - 0045568 ____A (Microsoft Corporation) 8C9ED3B2834AAE63081AB2DA831C6FE9 C:\WINDOWS\system32\ipnathlp.dll [2009-06-03 06:06] - [2008-04-13 22:52] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF C:\WINDOWS\system32\netman.dll [2009-06-03 06:06] - [2008-04-13 22:52] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C C:\WINDOWS\system32\wbem\WMIsvc.dll [2009-06-03 05:16] - [2008-04-13 22:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729 C:\WINDOWS\system32\srsvc.dll [2009-06-03 05:17] - [2008-04-13 22:52] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182 C:\WINDOWS\system32\Drivers\sr.sys [2009-06-03 05:17] - [2008-04-13 22:32] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F C:\WINDOWS\system32\wscsvc.dll [2009-06-03 06:07] - [2008-04-13 22:52] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D C:\WINDOWS\system32\wbem\WMIsvc.dll [2009-06-03 05:16] - [2008-04-13 22:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729 C:\WINDOWS\system32\wuauserv.dll [2009-06-03 05:18] - [2008-04-13 22:52] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085 C:\WINDOWS\system32\qmgr.dll [2009-06-03 05:18] - [2008-04-13 22:52] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1 C:\WINDOWS\system32\es.dll [2009-06-03 06:05] - [2008-07-07 22:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74 C:\WINDOWS\system32\cryptsvc.dll [2009-06-03 06:05] - [2008-04-13 22:52] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D C:\WINDOWS\system32\svchost.exe [2009-06-03 06:07] - [2008-04-13 22:53] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366 C:\WINDOWS\system32\rpcss.dll [2009-06-03 06:07] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B C:\WINDOWS\system32\services.exe [2009-06-03 06:07] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC Extra List: ======= aswTdi(10) Gpc(6) IPSec(4) mfetdik(9) NetBT(5) PSched(7) Tcpip(3) 0x0A000000040000000100000002000000030000000A0000000900000005000000060000000700000008000000 IpSec Tag value is correct. **** End of log **** Ich hoffe ich hab´s... |
19.09.2012, 19:54 | #6 |
/// the machine /// TB-Ausbilder | Webseite kann nicht angezeigt werden Lass bitte Systemlook nochmal laufen, diesmal: :filefind sfcfiles.*
__________________ --> Webseite kann nicht angezeigt werden |
19.09.2012, 20:33 | #7 |
| Webseite kann nicht angezeigt werden SystemLook 30.07.11 by jpshortstuff Log created at 21:32 on 19/09/2012 by User Administrator - Elevation successful ========== filefind ========== Searching for "sfcfiles.*" C:\WINDOWS\system32\sfcfiles.dll --a---- 1571840 bytes [04:07 03/06/2009] [04:29 02/06/2009] 81D2A1B309552DBBB88D1A041CB4A620 -= EOF =- Gruß frglaner |
19.09.2012, 20:55 | #8 |
/// the machine /// TB-Ausbilder | Webseite kann nicht angezeigt werden geh mal bitte auf virustotal.com und lass folgende datei prüfen: C:\WINDOWS\system32\sfcfiles.dll und poste mir den link zum ergebnis.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.09.2012, 21:11 | #9 |
| Webseite kann nicht angezeigt werden Findest Du hier https://www.virustotal.com/file/b17d72bb6d69cd74edced49ad9ae3fa621f2343547426f2a47f736fffdd855f6/analysis/1348085286/ gruß frglaner |
19.09.2012, 21:18 | #10 |
/// the machine /// TB-Ausbilder | Webseite kann nicht angezeigt werden Sieht gut aus Malwarebytes' Anti-Malware
(nach dem scannen auf den Button klicken und Funde löschen lassen!) ESET Online Scanner
Und ein frisches OTL logfile bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.09.2012, 21:46 | #11 |
| Webseite kann nicht angezeigt werden Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.19.12 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: CNU2023M8L [Administrator] Schutz: Aktiviert 19.9.2012 22:41:23 mbam-log-2012-09-19 (22-41-23).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 214469 Laufzeit: 2 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Dokumente und Einstellungen\User\Desktop\VLCMediaPlayerSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\FinalMediaPlayer2011Setup.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\3C57D487-BAB0-7891-823C-006C65AD63A5\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\User\ms.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\uslzggir.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0011538.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0011558.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0012750.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.9.2012 23:11:49 - Run 6 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy 2,94 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 76,73% Memory free 4,79 Gb Paging File | 4,21 Gb Available in Paging File | 87,91% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 89,43 Gb Total Space | 74,68 Gb Free Space | 83,51% Space Free | Partition Type: NTFS Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator. Cannot determine boot mode. | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012.09.18 22:12:27 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL(1).exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2012.09.19 11:33:07 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091900\algo.dll MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService) SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch) SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield) SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService) SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps) DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn) DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm) DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt) DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5) DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus) DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl) DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci) DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress) DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200 IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200" FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2 FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M] [2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions [2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com [2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi [2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml [2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml [2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Babylon Search CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker [2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker [2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu [2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar [2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar [2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon [2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe [2012.09.19 17:43:11 | 000,000,000 | ---D | C] -- C:\avast! sandbox [2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung [2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google [2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE [2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.19 23:14:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.09.19 23:03:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.19 23:03:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.19 22:54:19 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.19 22:54:19 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.19 22:54:19 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.19 22:54:19 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.19 22:50:15 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.19 22:49:56 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job [2012.09.19 22:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.19 22:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe [2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg [2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst [2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk [2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js [2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe [2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe [2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe [2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg [2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst [2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk [2012.09.19 22:27:38 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js [2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe [2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini < End of report > Problemlage kann ich so nicht beurteilen. Hab auch ein bisschen den Überblick verloren. Gruß frglaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.9.2012 23:11:49 - Run 6 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy 2,94 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 76,73% Memory free 4,79 Gb Paging File | 4,21 Gb Available in Paging File | 87,91% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 89,43 Gb Total Space | 74,68 Gb Free Space | 83,51% Space Free | Partition Type: NTFS Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator. Cannot determine boot mode. | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012.09.18 22:12:27 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL(1).exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2012.09.19 11:33:07 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091900\algo.dll MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService) SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch) SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield) SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService) SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps) DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn) DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm) DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt) DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5) DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus) DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl) DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci) DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress) DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200 IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200" FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2 FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M] [2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions [2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com [2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi [2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml [2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml [2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Babylon Search CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker [2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker [2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu [2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar [2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar [2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon [2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe [2012.09.19 17:43:11 | 000,000,000 | ---D | C] -- C:\avast! sandbox [2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung [2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google [2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE [2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.19 23:14:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.09.19 23:03:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.19 23:03:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.19 22:54:19 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.19 22:54:19 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.19 22:54:19 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.19 22:54:19 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.19 22:50:15 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.19 22:49:56 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job [2012.09.19 22:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.19 22:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe [2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg [2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst [2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk [2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js [2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe [2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe [2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe [2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg [2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst [2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk [2012.09.19 22:27:38 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js [2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe [2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini < End of report > Problemlage kann ich so nicht beurteilen. Hab auch ein bisschen den Überblick verloren. Gruß frglaner Hallo Schrauber, Display bleibt jetzt blau nach dem Hochfahren (weißer Bildschirm mit ursprünglichem Eintrag "Webseite kann nicht..." erscheint nicht mehr). Task-Manager kann angesteuert werden. Sonst geht nix... Gruß frglaner |
20.09.2012, 06:56 | #12 |
/// the machine /// TB-Ausbilder | Webseite kann nicht angezeigt werden Bitte starte mal OTl, setze bei Extra Registrierung den Button auf Benutze Safe List und klick Scan, poste beide Logfiles. Start > ausführen: sfc /scannow
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.09.2012, 15:13 | #13 |
| Webseite kann nicht angezeigt werden Also hier die Logs:OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.9.2012 16:04:12 - Run 7 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy 2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free 4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator. Cannot determine boot mode. | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.09.20 08:28:32 | 001,811,968 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12092000\algo.dll MOD - [2012.09.19 22:28:30 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091901\algo.dll MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService) SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch) SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield) SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService) SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps) DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn) DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm) DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt) DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5) DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus) DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl) DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci) DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress) DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200 IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M] [2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions [2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com [2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi [2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml [2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml [2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Babylon Search CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.6.108.140 212.6.108.141 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 212.6.108.140 212.6.108.141 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.19 23:40:33 | 000,000,000 | ---D | C] -- C:\avast! sandbox [2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker [2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker [2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu [2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar [2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar [2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon [2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe [2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung [2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google [2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE [2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.20 16:09:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.09.20 16:03:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.20 15:53:01 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.20 15:53:01 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.20 15:53:01 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.20 15:53:01 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.20 15:49:00 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.20 15:48:34 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.20 15:48:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job [2012.09.20 15:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.20 07:15:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe [2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg [2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst [2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk [2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js [2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe [2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe [2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.20 15:48:48 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe [2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg [2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst [2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk [2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js [2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe [2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.9.2012 16:04:12 - Run 7 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy 2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free 4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator. Cannot determine boot mode. | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) "C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers "{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent "{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E0824C9B-F196-4667-8CE8-3A0B685B0820}" = HP HotKey Support "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32 "ESET Online Scanner" = ESET Online Scanner v3 "FilesFrog Update Checker" = FilesFrog Update Checker "FinalMediaPlayer_is1" = Final Media Player 2011 "Google Chrome" = Google Chrome "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PROPLUS" = Microsoft Office Professional Plus 2007 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trusted Software Assistant_is1" = File Type Assistant "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ Application Events ] Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ Application Events ] Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 20.9.2012 01:16:18 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: aswSnx aswTdi mfehidk Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 01:21:37 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001 Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst "McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001 Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: aswSnx aswTdi mfehidk Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. < End of report > |
20.09.2012, 15:14 | #14 |
| Webseite kann nicht angezeigt werden Also hier die Logs:OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.9.2012 16:04:12 - Run 7 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy 2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free 4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator. Cannot determine boot mode. | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.09.20 08:28:32 | 001,811,968 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12092000\algo.dll MOD - [2012.09.19 22:28:30 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091901\algo.dll MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService) SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch) SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield) SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService) SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps) DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn) DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm) DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt) DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5) DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus) DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl) DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci) DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress) DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200 IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M] [2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions [2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com [2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi [2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml [2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml [2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Babylon Search CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.6.108.140 212.6.108.141 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 212.6.108.140 212.6.108.141 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.19 23:40:33 | 000,000,000 | ---D | C] -- C:\avast! sandbox [2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker [2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker [2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu [2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar [2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar [2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon [2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe [2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung [2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google [2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google [2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE [2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.20 16:09:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.09.20 16:03:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.20 15:53:01 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.20 15:53:01 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.20 15:53:01 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.20 15:53:01 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.20 15:49:00 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.20 15:48:34 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.20 15:48:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job [2012.09.20 15:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.20 07:15:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe [2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg [2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst [2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk [2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js [2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe [2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe [2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.20 15:48:48 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe [2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg [2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst [2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk [2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js [2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe [2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata [2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf [2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.9.2012 16:04:12 - Run 7 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy 2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free 4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator. Cannot determine boot mode. | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) "C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers "{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent "{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E0824C9B-F196-4667-8CE8-3A0B685B0820}" = HP HotKey Support "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32 "ESET Online Scanner" = ESET Online Scanner v3 "FilesFrog Update Checker" = FilesFrog Update Checker "FinalMediaPlayer_is1" = Final Media Player 2011 "Google Chrome" = Google Chrome "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PROPLUS" = Microsoft Office Professional Plus 2007 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trusted Software Assistant_is1" = File Type Assistant "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ Application Events ] Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ Application Events ] Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 20.9.2012 01:16:18 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: aswSnx aswTdi mfehidk Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 01:21:37 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001 Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst "McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001 Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: aswSnx aswTdi mfehidk Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. < End of report > Warum das immer zwei Mal kommt ist mir schleierhaft... sfc /scannow ausgeführt mit nicht nachvollziehbarem Ergebnis. ? Gruß frglaner |
20.09.2012, 15:52 | #15 |
/// the machine /// TB-Ausbilder | Webseite kann nicht angezeigt werden Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Webseite kann nicht angezeigt werden |
abbruch, abgesicherte, abgesicherten, angezeigt, avast, besuch, cdburnerxp, desktop, fontcache, interne, internetseite, modus, netzwerk, neustart, nichts, ntdll.dll, problem, rechner, scan, scanner, schei, schöne, schönen, seite, task-manager, virenscan, virenscanner, webseite |