Falsche Seiten bei Internetexplorer und Firefox werden aufgerufen

cosinus · 19.10.2012, 10:49

Zitat:

Was Du mit Incredibar und Mystart meinst, ist mir nicht klar.

Das war doch nur ein Beispiel! Das Verhalten ist gleich bzw ähnlich ob es nun ihavenet, mystart oder irgendeinanderer Werbedreck ist!

Mach bitte einen (neuen) CustomScan mit OTL - das Log davon nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

himbeertoni2 · 19.10.2012, 12:03

Bittschön, ich hoffe so stimmts.

Code:

ATTFilter

OTL Logfile:

	Code: 

 ATTFilter

  
	OTL logfile created on: 19.10.2012 12:46:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 49,75% Memory free
3,81 Gb Paging File | 3,31 Gb Available in Paging File | 86,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,50 Gb Total Space | 40,67 Gb Free Space | 54,59% Space Free | Partition Type: NTFS
Drive K: | 78,09 Gb Total Space | 44,12 Gb Free Space | 56,50% Space Free | Partition Type: NTFS
Drive L: | 78,09 Gb Total Space | 44,12 Gb Free Space | 56,50% Space Free | Partition Type: NTFS
Drive N: | 148,38 Gb Total Space | 19,68 Gb Free Space | 13,26% Space Free | Partition Type: NTFS
Drive O: | 148,38 Gb Total Space | 19,68 Gb Free Space | 13,26% Space Free | Partition Type: NTFS
Drive P: | 148,38 Gb Total Space | 19,68 Gb Free Space | 13,26% Space Free | Partition Type: NTFS
 
Computer Name: USER9 | User Name: info | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.19 12:42:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\download\OTL.exe
PRC - [2012.10.13 15:22:07 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.04.20 07:59:04 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.07.15 11:40:22 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.07.15 11:38:38 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2008.07.14 16:17:22 | 002,525,720 | ---- | M] (Intel) -- C:\Programme\Intel\AMT\UNS.exe
PRC - [2008.07.14 16:17:22 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchksrv.exe
PRC - [2008.07.14 16:17:20 | 000,109,080 | ---- | M] (Intel) -- C:\Programme\Intel\AMT\LMS.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.05.04 11:07:38 | 000,085,600 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\VPTray.exe
PRC - [2005.05.04 11:05:26 | 001,727,072 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe
PRC - [2005.05.04 11:03:22 | 000,019,552 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\DefWatch.exe
PRC - [2005.04.18 15:58:36 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2005.04.18 15:57:30 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2005.04.18 15:57:04 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.13 15:22:07 | 002,294,240 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.10.09 14:02:18 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2010.11.26 13:19:16 | 000,139,264 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.08.23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2005.01.06 18:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.13 15:22:07 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 14:02:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.04.20 07:59:04 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.09.12 20:26:20 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.15 11:38:38 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.15 11:35:34 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008.07.14 16:17:22 | 002,525,720 | ---- | M] (Intel) [Auto | Running] -- C:\Programme\Intel\AMT\UNS.exe -- (UNS)
SRV - [2008.07.14 16:17:22 | 000,182,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2008.07.14 16:17:20 | 000,109,080 | ---- | M] (Intel) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.05.04 11:06:02 | 000,128,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005.05.04 11:05:26 | 001,727,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005.05.04 11:03:22 | 000,019,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005.04.18 15:58:36 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005.04.18 15:58:14 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005.04.18 15:57:30 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005.04.05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005.03.30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.17 10:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20121017.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.17 10:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20121017.019\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.01 02:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012.08.01 02:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.06.22 18:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.07.14 16:11:36 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2005.04.05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005.04.05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005.04.01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005.03.30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.02.04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005.02.04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\savrt.sys -- (SAVRT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 F6 70 C4 EB 76 CC 01  [binary data]
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\..\SearchScopes\{0A3323D5-D136-4472-A222-6BDC1ECFD296}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-620666589-249995487-2555250118-1145\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.13 15:22:07 | 000,000,000 | ---D | M]
 
[2012.05.10 12:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Mozilla\Extensions
[2012.05.10 12:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.10.11 13:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Mozilla\Firefox\Profiles\n8wx67ew.default\extensions
[2012.08.16 08:58:34 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Mozilla\Firefox\Profiles\n8wx67ew.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.10.11 13:37:31 | 000,252,340 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Mozilla\Firefox\Profiles\n8wx67ew.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.13 15:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.13 15:22:07 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.21 15:28:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 09:45:43 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.21 15:28:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 15:28:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 15:28:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 15:28:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2004.08.16 20:16:51 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-620666589-249995487-2555250118-1145..\Run: [GoogleDriveSync] C:\Programme\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-620666589-249995487-2555250118-1145..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-620666589-249995487-2555250118-1145\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263381451390 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.121.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ACR-Alzenau.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0B3EA82-2F94-4AE1-8ED0-622DECB833F1}: DhcpNameServer = 192.168.121.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.13 12:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.10.06 11:14:00 | 000,729,464 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2011.05.16 10:05:43 | 000,011,222 | ---- | M] () - K:\autonet 86795.jpg -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 11:47:38 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.10.15 18:14:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Anwendungsdaten\Avg2013
[2012.10.15 10:09:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Malwarebytes
[2012.10.15 10:02:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.10.15 10:02:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.15 10:02:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.15 10:02:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.15 09:21:43 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.10.15 09:21:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Anwendungsdaten\MFAData
[2012.10.15 09:21:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012.10.13 15:21:57 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.10.13 11:04:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\info\Eigene Dateien\Google Drive
[2012.10.13 11:01:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.13 10:47:28 | 000,000,000 | --SD | C] -- C:\Google Drive
[2012.10.13 10:45:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Drive
[2012.10.11 14:29:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.10.11 14:21:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\anpo.republika.pl
[2012.10.11 14:19:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\fltk.org
[2012.10.08 10:49:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\EurekaLog
[2012.10.04 11:02:41 | 000,000,000 | ---D | C] -- C:\Programme\Garmin GPS Plugin
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.19 12:50:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C64888E2-EC42-4C39-97CC-CA31003B95E5}.job
[2012.10.19 12:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.19 11:52:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.18 17:17:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.18 17:16:37 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\dagbh.job
[2012.10.18 17:16:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.18 13:26:40 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.17 09:00:08 | 000,103,192 | ---- | M] () -- C:\Dokumente und Einstellungen\info\Eigene Dateien\VW Pioneer.pdf
[2012.10.13 10:47:28 | 000,001,443 | ---- | M] () -- C:\Dokumente und Einstellungen\info\Desktop\Google Drive.lnk
[2012.10.11 14:09:22 | 000,098,304 | RHS- | M] () -- C:\WINDOWS\System32\gsrvctr4.dll
[2012.10.11 03:54:03 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.10.10 17:16:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.24 18:16:19 | 000,001,732 | -H-- | M] () -- C:\Dokumente und Einstellungen\info\Eigene Dateien\Default.rdp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.17 09:00:08 | 000,103,192 | ---- | C] () -- C:\Dokumente und Einstellungen\info\Eigene Dateien\VW Pioneer.pdf
[2012.10.15 10:02:48 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.11 14:09:23 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\dagbh.job
[2012.10.11 14:09:22 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\gsrvctr4.dll
[2012.09.24 17:50:57 | 000,001,732 | -H-- | C] () -- C:\Dokumente und Einstellungen\info\Eigene Dateien\Default.rdp
[2012.09.08 09:18:57 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\ChilkatCsv.dll
[2012.02.15 04:03:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.14 11:28:57 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2011.11.11 15:50:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.09.23 16:15:43 | 001,552,051 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-620666589-249995487-2555250118-1145-0.dat
[2011.09.23 16:15:39 | 000,274,298 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.09.23 09:54:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.09.23 09:54:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.09.16 12:12:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011.09.16 12:04:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\zSHP2600.EXE
[2011.09.16 12:04:34 | 011,206,656 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2011.09.16 12:04:34 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\ZHHP2600.EXE
[2011.09.16 12:04:33 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2011.09.16 08:40:08 | 000,009,360 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2011.09.12 21:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2011.09.12 20:22:49 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
 
========== ZeroAccess Check ==========
 
[2010.01.13 13:10:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.09.19 18:22:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2010.01.13 15:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.10.15 09:21:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.09.23 09:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2011.10.17 08:10:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2012.10.15 18:31:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011.10.17 08:08:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ODIR
[2012.10.11 14:29:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.05.10 12:38:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.09.12 20:24:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.09.12 20:24:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.09.29 12:49:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\1&1
[2012.10.11 14:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\anpo.republika.pl
[2011.12.13 09:43:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\becker
[2012.10.13 10:04:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\EurekaLog
[2012.07.19 16:28:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\FileZilla
[2012.10.11 14:19:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\fltk.org
[2012.10.13 11:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Garmin
[2012.10.13 11:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\gsak
[2011.09.24 10:10:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\HTC
[2012.02.04 14:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.07.09 14:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\naviextras
[2012.04.27 10:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Nvu
[2011.09.19 17:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\TeamViewer
[2012.05.10 12:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\TomTom
[2012.10.15 09:27:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\TuneUp Software
[2011.09.19 19:39:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Windows Search
[2010.09.07 18:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Canneverbe Limited
[2011.09.13 19:05:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\TeamViewer
[2011.09.12 20:24:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software
[2011.09.12 19:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Windows Desktop Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.29 12:49:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\1&1
[2011.09.24 10:08:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Adobe
[2012.10.11 14:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\anpo.republika.pl
[2011.12.13 09:43:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\becker
[2012.10.13 10:04:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\EurekaLog
[2012.04.02 18:07:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\FastStone
[2012.07.19 16:28:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\FileZilla
[2012.10.11 14:19:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\fltk.org
[2012.10.13 11:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Garmin
[2012.10.13 11:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\gsak
[2011.09.24 10:10:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\HTC
[2012.02.04 14:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.09.16 08:42:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Identities
[2011.09.23 17:02:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Macromedia
[2012.10.15 10:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Malwarebytes
[2012.02.08 16:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Media Player Classic
[2012.02.14 09:30:21 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Microsoft
[2011.09.28 16:25:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Mozilla
[2012.07.09 14:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\naviextras
[2012.04.27 10:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Nvu
[2011.09.28 14:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Sun
[2011.09.19 17:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\TeamViewer
[2012.05.10 12:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\TomTom
[2012.10.15 09:27:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\TuneUp Software
[2011.09.19 19:39:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Windows Search
[2011.09.21 10:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.12.13 09:53:25 | 007,554,920 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\becker\backup\CK-KAA7-RQW3-B1LH-A8QN\283390\drive0\ContentManager\Becker_Content_Manager_Setup.exe
[2011.12.13 09:53:25 | 000,090,112 | ---- | M] () -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\becker\backup\CK-KAA7-RQW3-B1LH-A8QN\283390\drive0\ContentManager\ContentManagerStarter.exe
[2011.12.13 09:53:38 | 008,555,544 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\becker\backup\CK-KAA7-RQW3-B1LH-A8QN\283390\drive0\iGO8\iGO8.exe
[2011.12.13 10:03:17 | 000,152,088 | ---- | M] () -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\becker\backup\CK-KAA7-RQW3-B1LH-A8QN\283390\drive0\NNGStart\NNGStart.exe
[2011.09.30 15:50:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\info\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010.10.06 11:14:00 | 000,729,464 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2010.11.15 12:45:00 | 004,155,256 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2006.11.01 15:07:00 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\RootkitRevealer.exe
[2012.07.13 09:28:14 | 000,225,488 | ---- | M] (Igor Pavlov) -- C:\synctool_C8_download_01.exe
[1999.07.01 20:36:00 | 000,162,816 | ---- | M] () -- C:\wget.exe
 
< MD5 for: AGP440.SYS  >
[2004.08.16 20:26:20 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.16 20:26:20 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.16 20:14:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.26 20:02:44 | 000,305,688 | ---- | M] (Intel Corporation) MD5=BDC361489A7F22E568060FA6FB3C960E -- C:\DELL\drivers\SATA\IaStor.sys
[2004.08.16 20:33:30 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.16 20:31:54 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.16 20:31:54 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.01.13 13:36:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.01.13 13:36:00 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.01.13 13:36:00 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.10.11 14:09:22 | 000,098,304 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\gsrvctr4.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         
 --- --- ---

cosinus · 19.10.2012, 14:03

Ist unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

himbeertoni2 · 19.10.2012, 14:37

Hab ich gemacht.

Code:

ATTFilter

15:29:55.0015 2380  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:29:55.0359 2380  ============================================================
15:29:55.0359 2380  Current date / time: 2012/10/19 15:29:55.0359
15:29:55.0359 2380  SystemInfo:
15:29:55.0359 2380  
15:29:55.0359 2380  OS Version: 5.1.2600 ServicePack: 3.0
15:29:55.0359 2380  Product type: Workstation
15:29:55.0359 2380  ComputerName: USER9
15:29:55.0359 2380  UserName: info
15:29:55.0359 2380  Windows directory: C:\WINDOWS
15:29:55.0359 2380  System windows directory: C:\WINDOWS
15:29:55.0359 2380  Processor architecture: Intel x86
15:29:55.0359 2380  Number of processors: 2
15:29:55.0359 2380  Page size: 0x1000
15:29:55.0359 2380  Boot type: Normal boot
15:29:55.0359 2380  ============================================================
15:29:56.0609 2380  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:29:56.0609 2380  ============================================================
15:29:56.0609 2380  \Device\Harddisk0\DR0:
15:29:56.0609 2380  MBR partitions:
15:29:56.0609 2380  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950283F
15:29:56.0609 2380  ============================================================
15:29:56.0640 2380  C: <-> \Device\Harddisk0\DR0\Partition1
15:29:56.0656 2380  ============================================================
15:29:56.0656 2380  Initialize success
15:29:56.0656 2380  ============================================================
15:30:28.0546 2800  ============================================================
15:30:28.0546 2800  Scan started
15:30:28.0546 2800  Mode: Manual; SigCheck; TDLFS; 
15:30:28.0546 2800  ============================================================
15:30:29.0062 2800  ================ Scan system memory ========================
15:30:30.0078 2800  System memory - ok
15:30:30.0078 2800  ================ Scan services =============================
15:30:30.0171 2800  Abiosdsk - ok
15:30:30.0171 2800  abp480n5 - ok
15:30:30.0187 2800  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:30:31.0015 2800  ACPI - ok
15:30:31.0046 2800  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:30:31.0171 2800  ACPIEC - ok
15:30:31.0218 2800  [ 307F5E03B02A3022D664C36D1EA25F2C ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:30:31.0296 2800  ADIHdAudAddService - ok
15:30:31.0343 2800  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:30:31.0359 2800  AdobeFlashPlayerUpdateSvc - ok
15:30:31.0359 2800  adpu160m - ok
15:30:31.0390 2800  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:30:31.0484 2800  aec - ok
15:30:31.0562 2800  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:30:31.0593 2800  AFD - ok
15:30:31.0593 2800  Aha154x - ok
15:30:31.0593 2800  aic78u2 - ok
15:30:31.0609 2800  aic78xx - ok
15:30:31.0640 2800  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:30:31.0734 2800  Alerter - ok
15:30:31.0750 2800  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
15:30:31.0859 2800  ALG - ok
15:30:31.0859 2800  AliIde - ok
15:30:31.0859 2800  amsint - ok
15:30:31.0890 2800  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:30:32.0000 2800  AppMgmt - ok
15:30:32.0000 2800  asc - ok
15:30:32.0000 2800  asc3350p - ok
15:30:32.0015 2800  asc3550 - ok
15:30:32.0062 2800  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:30:32.0062 2800  aspnet_state - ok
15:30:32.0078 2800  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:30:32.0171 2800  AsyncMac - ok
15:30:32.0218 2800  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:30:32.0296 2800  atapi - ok
15:30:32.0375 2800  [ 68FA51CB9AF5A7C35D493F844223856E ] atchksrv        C:\Programme\Intel\AMT\atchksrv.exe
15:30:32.0406 2800  atchksrv - ok
15:30:32.0406 2800  Atdisk - ok
15:30:32.0421 2800  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:30:32.0515 2800  Atmarpc - ok
15:30:32.0546 2800  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:30:32.0656 2800  AudioSrv - ok
15:30:32.0687 2800  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:30:32.0765 2800  audstub - ok
15:30:32.0781 2800  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:30:32.0875 2800  Beep - ok
15:30:32.0906 2800  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:30:33.0000 2800  BITS - ok
15:30:33.0031 2800  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
15:30:33.0062 2800  Browser - ok
15:30:33.0093 2800  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:30:33.0187 2800  cbidf2k - ok
15:30:33.0218 2800  [ 75F7548A7F148DEF39C22C1C5148C62B ] ccEvtMgr        C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
15:30:33.0234 2800  ccEvtMgr - ok
15:30:33.0250 2800  [ BD35BED35CF22371FC23E2583C0087F8 ] ccPwdSvc        C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
15:30:33.0265 2800  ccPwdSvc - ok
15:30:33.0281 2800  [ 74815A27890B65B0B791EA4CA12E3263 ] ccSetMgr        C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
15:30:33.0296 2800  ccSetMgr - ok
15:30:33.0296 2800  cd20xrnt - ok
15:30:33.0328 2800  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:30:33.0421 2800  Cdaudio - ok
15:30:33.0437 2800  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:30:33.0531 2800  Cdfs - ok
15:30:33.0562 2800  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:30:33.0656 2800  Cdrom - ok
15:30:33.0687 2800  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:30:33.0765 2800  CiSvc - ok
15:30:33.0796 2800  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:30:33.0890 2800  ClipSrv - ok
15:30:33.0906 2800  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:30:33.0937 2800  clr_optimization_v2.0.50727_32 - ok
15:30:33.0968 2800  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:30:33.0984 2800  clr_optimization_v4.0.30319_32 - ok
15:30:33.0984 2800  CmdIde - ok
15:30:33.0984 2800  COMSysApp - ok
15:30:33.0984 2800  Cpqarray - ok
15:30:34.0015 2800  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:30:34.0109 2800  CryptSvc - ok
15:30:34.0109 2800  dac2w2k - ok
15:30:34.0109 2800  dac960nt - ok
15:30:34.0156 2800  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:30:34.0218 2800  DcomLaunch - ok
15:30:34.0265 2800  [ C85E1B59A12D71D9922647F9CE079AA5 ] DefWatch        C:\Programme\Symantec AntiVirus\DefWatch.exe
15:30:34.0265 2800  DefWatch - ok
15:30:34.0296 2800  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:30:34.0406 2800  Dhcp - ok
15:30:34.0421 2800  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:30:34.0515 2800  Disk - ok
15:30:34.0515 2800  dmadmin - ok
15:30:34.0562 2800  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:30:34.0656 2800  dmboot - ok
15:30:34.0687 2800  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:30:34.0781 2800  dmio - ok
15:30:34.0796 2800  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:30:34.0890 2800  dmload - ok
15:30:34.0906 2800  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:30:35.0000 2800  dmserver - ok
15:30:35.0031 2800  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:30:35.0125 2800  DMusic - ok
15:30:35.0156 2800  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:30:35.0218 2800  Dnscache - ok
15:30:35.0234 2800  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:30:35.0312 2800  Dot3svc - ok
15:30:35.0312 2800  dpti2o - ok
15:30:35.0343 2800  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:30:35.0437 2800  drmkaud - ok
15:30:35.0468 2800  [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
15:30:35.0484 2800  e1express - ok
15:30:35.0484 2800  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:30:35.0578 2800  EapHost - ok
15:30:35.0625 2800  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
15:30:35.0656 2800  eeCtrl - ok
15:30:35.0687 2800  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilDrv11220 C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
15:30:35.0703 2800  EraserUtilDrv11220 - ok
15:30:35.0734 2800  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:30:35.0828 2800  ERSvc - ok
15:30:35.0875 2800  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
15:30:35.0890 2800  Eventlog - ok
15:30:35.0937 2800  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
15:30:35.0984 2800  EventSystem - ok
15:30:36.0015 2800  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:30:36.0093 2800  Fastfat - ok
15:30:36.0125 2800  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:30:36.0156 2800  FastUserSwitchingCompatibility - ok
15:30:36.0171 2800  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
15:30:36.0265 2800  Fdc - ok
15:30:36.0296 2800  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:30:36.0390 2800  Fips - ok
15:30:36.0390 2800  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:30:36.0484 2800  Flpydisk - ok
15:30:36.0531 2800  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
15:30:36.0609 2800  FltMgr - ok
15:30:36.0656 2800  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:30:36.0671 2800  FontCache3.0.0.0 - ok
15:30:36.0703 2800  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:30:36.0828 2800  Fs_Rec - ok
15:30:36.0843 2800  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:30:36.0937 2800  Ftdisk - ok
15:30:36.0968 2800  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:30:37.0031 2800  Gpc - ok
15:30:37.0062 2800  [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb         C:\WINDOWS\system32\drivers\grmnusb.sys
15:30:37.0062 2800  grmnusb - ok
15:30:37.0093 2800  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:30:37.0187 2800  HDAudBus - ok
15:30:37.0218 2800  [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI            C:\WINDOWS\system32\DRIVERS\HECI.sys
15:30:37.0265 2800  HECI - ok
15:30:37.0343 2800  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:30:37.0437 2800  helpsvc - ok
15:30:37.0468 2800  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:30:37.0562 2800  HidServ - ok
15:30:37.0578 2800  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:30:37.0656 2800  hidusb - ok
15:30:37.0671 2800  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:30:37.0750 2800  hkmsvc - ok
15:30:37.0750 2800  hpn - ok
15:30:37.0781 2800  [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32        C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
15:30:37.0843 2800  HTCAND32 - ok
15:30:37.0859 2800  [ 04E3B3554076B8192A668EFE88A682A1 ] htcnprot        C:\WINDOWS\system32\DRIVERS\htcnprot.sys
15:30:37.0875 2800  htcnprot - ok
15:30:37.0921 2800  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:30:37.0968 2800  HTTP - ok
15:30:37.0984 2800  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:30:38.0078 2800  HTTPFilter - ok
15:30:38.0078 2800  i2omp - ok
15:30:38.0093 2800  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
15:30:38.0203 2800  i8042prt - ok
15:30:38.0375 2800  [ B2768350BB50469AEB1AFE694372B613 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:30:38.0656 2800  ialm - ok
15:30:38.0718 2800  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:30:38.0765 2800  idsvc - ok
15:30:38.0812 2800  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:30:38.0906 2800  Imapi - ok
15:30:38.0937 2800  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:30:39.0031 2800  ImapiService - ok
15:30:39.0031 2800  ini910u - ok
15:30:39.0031 2800  IntelIde - ok
15:30:39.0062 2800  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:30:39.0156 2800  intelppm - ok
15:30:39.0203 2800  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
15:30:39.0296 2800  Ip6Fw - ok
15:30:39.0328 2800  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:30:39.0421 2800  IpFilterDriver - ok
15:30:39.0437 2800  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:30:39.0531 2800  IpInIp - ok
15:30:39.0562 2800  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:30:39.0656 2800  IpNat - ok
15:30:39.0656 2800  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:30:39.0734 2800  IPSec - ok
15:30:39.0765 2800  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:30:39.0859 2800  IRENUM - ok
15:30:39.0875 2800  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:30:39.0953 2800  isapnp - ok
15:30:40.0015 2800  [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
15:30:40.0031 2800  JavaQuickStarterService - ok
15:30:40.0031 2800  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:30:40.0109 2800  Kbdclass - ok
15:30:40.0125 2800  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:30:40.0203 2800  kbdhid - ok
15:30:40.0250 2800  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:30:40.0343 2800  kmixer - ok
15:30:40.0343 2800  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:30:40.0421 2800  KSecDD - ok
15:30:40.0453 2800  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
15:30:40.0484 2800  lanmanserver - ok
15:30:40.0515 2800  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:30:40.0578 2800  lanmanworkstation - ok
15:30:40.0609 2800  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:30:40.0703 2800  LmHosts - ok
15:30:40.0734 2800  [ 7AFA5A94560C3AA0323BA8C6559FDCA0 ] LMS             C:\Programme\Intel\AMT\LMS.exe
15:30:40.0750 2800  LMS - ok
15:30:40.0765 2800  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
15:30:40.0781 2800  MBAMProtector - ok
15:30:40.0828 2800  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:30:40.0859 2800  MBAMScheduler - ok
15:30:40.0890 2800  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
15:30:40.0937 2800  MBAMService - ok
15:30:40.0953 2800  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:30:41.0031 2800  Messenger - ok
15:30:41.0109 2800  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
15:30:41.0125 2800  Microsoft Office Groove Audit Service - ok
15:30:41.0140 2800  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:30:41.0234 2800  mnmdd - ok
15:30:41.0250 2800  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:30:41.0343 2800  mnmsrvc - ok
15:30:41.0359 2800  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:30:41.0453 2800  Modem - ok
15:30:41.0468 2800  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:30:41.0562 2800  Mouclass - ok
15:30:41.0578 2800  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:30:41.0671 2800  mouhid - ok
15:30:41.0703 2800  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:30:41.0796 2800  MountMgr - ok
15:30:41.0859 2800  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
15:30:41.0875 2800  MozillaMaintenance - ok
15:30:41.0875 2800  mraid35x - ok
15:30:41.0890 2800  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:30:41.0968 2800  MRxDAV - ok
15:30:41.0984 2800  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:30:42.0031 2800  MRxSmb - ok
15:30:42.0046 2800  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:30:42.0140 2800  MSDTC - ok
15:30:42.0171 2800  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:30:42.0265 2800  Msfs - ok
15:30:42.0265 2800  MSIServer - ok
15:30:42.0281 2800  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:30:42.0359 2800  MSKSSRV - ok
15:30:42.0375 2800  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:30:42.0453 2800  MSPCLOCK - ok
15:30:42.0453 2800  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:30:42.0562 2800  MSPQM - ok
15:30:42.0578 2800  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:30:42.0656 2800  mssmbios - ok
15:30:42.0687 2800  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:30:42.0718 2800  Mup - ok
15:30:42.0765 2800  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:30:42.0859 2800  napagent - ok
15:30:42.0937 2800  [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG          C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20121017.019\naveng.sys
15:30:42.0937 2800  NAVENG - ok
15:30:43.0000 2800  [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15         C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20121017.019\navex15.sys
15:30:43.0031 2800  NAVEX15 - ok
15:30:43.0046 2800  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:30:43.0140 2800  NDIS - ok
15:30:43.0171 2800  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:30:43.0187 2800  NdisTapi - ok
15:30:43.0218 2800  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:30:43.0312 2800  Ndisuio - ok
15:30:43.0328 2800  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:30:43.0421 2800  NdisWan - ok
15:30:43.0437 2800  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:30:43.0515 2800  NDProxy - ok
15:30:43.0546 2800  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
15:30:43.0546 2800  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:30:43.0546 2800  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:30:43.0562 2800  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:30:43.0656 2800  NetBIOS - ok
15:30:43.0671 2800  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:30:43.0765 2800  NetBT - ok
15:30:43.0812 2800  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:30:43.0890 2800  NetDDE - ok
15:30:43.0890 2800  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:30:43.0968 2800  NetDDEdsdm - ok
15:30:44.0000 2800  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:30:44.0093 2800  Netlogon - ok
15:30:44.0125 2800  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
15:30:44.0218 2800  Netman - ok
15:30:44.0250 2800  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:30:44.0265 2800  NetTcpPortSharing - ok
15:30:44.0296 2800  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:30:44.0328 2800  Nla - ok
15:30:44.0390 2800  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Programme\CDBurnerXP\NMSAccessU.exe
15:30:44.0406 2800  NMSAccess - ok
15:30:44.0406 2800  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:30:44.0484 2800  Npfs - ok
15:30:44.0515 2800  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:30:44.0625 2800  Ntfs - ok
15:30:44.0625 2800  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:30:44.0703 2800  NtLmSsp - ok
15:30:44.0734 2800  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:30:44.0843 2800  NtmsSvc - ok
15:30:44.0859 2800  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:30:44.0953 2800  Null - ok
15:30:44.0984 2800  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:30:45.0078 2800  NwlnkFlt - ok
15:30:45.0093 2800  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:30:45.0187 2800  NwlnkFwd - ok
15:30:45.0265 2800  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
15:30:45.0296 2800  odserv - ok
15:30:45.0312 2800  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
15:30:45.0328 2800  ose - ok
15:30:45.0343 2800  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
15:30:45.0437 2800  Parport - ok
15:30:45.0453 2800  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:30:45.0531 2800  PartMgr - ok
15:30:45.0562 2800  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:30:45.0656 2800  ParVdm - ok
15:30:45.0718 2800  [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
15:30:45.0750 2800  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:30:45.0750 2800  PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:30:45.0750 2800  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:30:45.0828 2800  PCI - ok
15:30:45.0843 2800  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:30:45.0937 2800  PCIIde - ok
15:30:45.0984 2800  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:30:46.0062 2800  Pcmcia - ok
15:30:46.0078 2800  perc2 - ok
15:30:46.0078 2800  perc2hib - ok
15:30:46.0109 2800  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
15:30:46.0109 2800  PlugPlay - ok
15:30:46.0125 2800  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
15:30:46.0140 2800  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:30:46.0140 2800  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:30:46.0171 2800  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:30:46.0234 2800  PolicyAgent - ok
15:30:46.0250 2800  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:30:46.0328 2800  PptpMiniport - ok
15:30:46.0328 2800  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:30:46.0406 2800  ProtectedStorage - ok
15:30:46.0421 2800  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:30:46.0515 2800  PSched - ok
15:30:46.0546 2800  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:30:46.0640 2800  Ptilink - ok
15:30:46.0656 2800  ql1080 - ok
15:30:46.0656 2800  Ql10wnt - ok
15:30:46.0656 2800  ql12160 - ok
15:30:46.0656 2800  ql1240 - ok
15:30:46.0656 2800  ql1280 - ok
15:30:46.0656 2800  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:30:46.0734 2800  RasAcd - ok
15:30:46.0781 2800  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:30:46.0875 2800  RasAuto - ok
15:30:46.0906 2800  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:30:47.0812 2800  Rasl2tp - ok
15:30:47.0843 2800  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:30:47.0937 2800  RasMan - ok
15:30:47.0968 2800  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:30:48.0062 2800  RasPppoe - ok
15:30:48.0062 2800  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:30:48.0140 2800  Raspti - ok
15:30:48.0156 2800  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:30:48.0234 2800  Rdbss - ok
15:30:48.0250 2800  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:30:48.0343 2800  RDPCDD - ok
15:30:48.0359 2800  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:30:48.0468 2800  rdpdr - ok
15:30:48.0500 2800  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:30:48.0531 2800  RDPWD - ok
15:30:48.0578 2800  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:30:48.0671 2800  RDSessMgr - ok
15:30:48.0687 2800  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:30:48.0781 2800  redbook - ok
15:30:48.0828 2800  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:30:48.0906 2800  RemoteAccess - ok
15:30:48.0921 2800  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:30:49.0000 2800  RemoteRegistry - ok
15:30:49.0015 2800  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:30:49.0093 2800  RpcLocator - ok
15:30:49.0109 2800  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
15:30:49.0140 2800  RpcSs - ok
15:30:49.0171 2800  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:30:49.0265 2800  RSVP - ok
15:30:49.0281 2800  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:30:49.0359 2800  SamSs - ok
15:30:49.0375 2800  [ F5A114922572B6B3A78990EB8A5EAD28 ] SavRoam         C:\Programme\Symantec AntiVirus\SavRoam.exe
15:30:49.0390 2800  SavRoam - ok
15:30:49.0421 2800  [ A00D5AA4748A1002590F08AA00FC660D ] SAVRT           C:\Programme\Symantec AntiVirus\savrt.sys
15:30:49.0437 2800  SAVRT - ok
15:30:49.0437 2800  [ 1E805005583BE1C1568A3FCE259C81E3 ] SAVRTPEL        C:\Programme\Symantec AntiVirus\Savrtpel.sys
15:30:49.0453 2800  SAVRTPEL - ok
15:30:49.0468 2800  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:30:49.0562 2800  SCardSvr - ok
15:30:49.0593 2800  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:30:49.0687 2800  Schedule - ok
15:30:49.0718 2800  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:30:49.0796 2800  Secdrv - ok
15:30:49.0828 2800  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:30:49.0906 2800  seclogon - ok
15:30:49.0937 2800  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
15:30:50.0031 2800  SENS - ok
15:30:50.0046 2800  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
15:30:50.0109 2800  serenum - ok
15:30:50.0140 2800  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
15:30:50.0250 2800  Serial - ok
15:30:50.0265 2800  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:30:50.0359 2800  Sfloppy - ok
15:30:50.0390 2800  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:30:50.0500 2800  SharedAccess - ok
15:30:50.0515 2800  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:30:50.0546 2800  ShellHWDetection - ok
15:30:50.0546 2800  Simbad - ok
15:30:50.0593 2800  [ 443E397643965E08C5AB6A6CAA732B97 ] SNDSrvc         C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
15:30:50.0609 2800  SNDSrvc - ok
15:30:50.0609 2800  Sparrow - ok
15:30:50.0656 2800  [ C30FA11923892A4DBD1C747DB8492E8F ] SPBBCDrv        C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
15:30:50.0671 2800  SPBBCDrv - ok
15:30:50.0734 2800  [ EA07435C72A8534C3A8E02D87246E546 ] SPBBCSvc        C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
15:30:50.0796 2800  SPBBCSvc - ok
15:30:50.0812 2800  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:30:50.0906 2800  splitter - ok
15:30:50.0937 2800  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:30:50.0968 2800  Spooler - ok
15:30:51.0000 2800  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:30:51.0078 2800  sr - ok
15:30:51.0109 2800  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:30:51.0203 2800  srservice - ok
15:30:51.0250 2800  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:30:51.0343 2800  Srv - ok
15:30:51.0390 2800  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:30:51.0484 2800  SSDPSRV - ok
15:30:51.0515 2800  [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
15:30:51.0515 2800  StarOpen ( UnsignedFile.Multi.Generic ) - warning
15:30:51.0515 2800  StarOpen - detected UnsignedFile.Multi.Generic (1)
15:30:51.0578 2800  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:30:51.0671 2800  stisvc - ok
15:30:51.0703 2800  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:30:51.0812 2800  swenum - ok
15:30:51.0843 2800  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:30:51.0937 2800  swmidi - ok
15:30:51.0953 2800  SwPrv - ok
15:30:52.0093 2800  [ 21CD3F25CF4C1BCC8A56068774E4952B ] Symantec AntiVirus C:\Programme\Symantec AntiVirus\Rtvscan.exe
15:30:52.0218 2800  Symantec AntiVirus - ok
15:30:52.0218 2800  symc810 - ok
15:30:52.0234 2800  symc8xx - ok
15:30:52.0296 2800  [ B3F8B9EAB2EBE205C0FE053FBA951D8C ] SymEvent        C:\Programme\Symantec\SYMEVENT.SYS
15:30:52.0328 2800  SymEvent - ok
15:30:52.0343 2800  [ 7C73B65F1BDFAB9052A5076C0CA622DE ] SYMREDRV        C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
15:30:52.0359 2800  SYMREDRV - ok
15:30:52.0421 2800  [ B4562798891DCA27ED67CA07ACBADBD9 ] SYMTDI          C:\WINDOWS\System32\Drivers\SYMTDI.SYS
15:30:52.0468 2800  SYMTDI - ok
15:30:52.0468 2800  sym_hi - ok
15:30:52.0468 2800  sym_u3 - ok
15:30:52.0484 2800  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:30:52.0593 2800  sysaudio - ok
15:30:52.0625 2800  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:30:52.0734 2800  SysmonLog - ok
15:30:52.0781 2800  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:30:52.0890 2800  TapiSrv - ok
15:30:52.0921 2800  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:30:52.0968 2800  Tcpip - ok
15:30:53.0000 2800  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:30:53.0078 2800  TDPIPE - ok
15:30:53.0093 2800  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:30:53.0187 2800  TDTCP - ok
15:30:53.0296 2800  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
15:30:53.0453 2800  TeamViewer7 - ok
15:30:53.0468 2800  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:30:53.0562 2800  TermDD - ok
15:30:53.0578 2800  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
15:30:53.0703 2800  TermService - ok
15:30:53.0718 2800  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:30:53.0734 2800  Themes - ok
15:30:53.0765 2800  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:30:53.0859 2800  TlntSvr - ok
15:30:53.0921 2800  [ 83682F469A3D65E8B6F06C28212318BD ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
15:30:53.0937 2800  TomTomHOMEService - ok
15:30:53.0937 2800  TosIde - ok
15:30:53.0968 2800  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:30:54.0062 2800  TrkWks - ok
15:30:54.0109 2800  [ 84ABDD88E8AA95FABEC5D5772AF1B78C ] TuneUp.Defrag   C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
15:30:54.0140 2800  TuneUp.Defrag - ok
15:30:54.0187 2800  [ FD644D4E1D7B7150F5FE0005F9327EFE ] TuneUp.UtilitiesSvc C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
15:30:54.0234 2800  TuneUp.UtilitiesSvc - ok
15:30:54.0265 2800  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
15:30:54.0265 2800  TuneUpUtilitiesDrv - ok
15:30:54.0296 2800  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:30:54.0375 2800  Udfs - ok
15:30:54.0375 2800  ultra - ok
15:30:54.0484 2800  [ 2F2F22828C385DF3480DEED9FD9C7F46 ] UNS             C:\Programme\Intel\AMT\UNS.exe
15:30:54.0593 2800  UNS - ok
15:30:54.0625 2800  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:30:54.0734 2800  Update - ok
15:30:54.0765 2800  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:30:54.0859 2800  upnphost - ok
15:30:54.0890 2800  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
15:30:54.0968 2800  UPS - ok
15:30:54.0984 2800  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:30:55.0078 2800  usbccgp - ok
15:30:55.0109 2800  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:30:55.0203 2800  usbehci - ok
15:30:55.0203 2800  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:30:55.0312 2800  usbhub - ok
15:30:55.0343 2800  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:30:55.0421 2800  USBSTOR - ok
15:30:55.0453 2800  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:30:55.0531 2800  usbuhci - ok
15:30:55.0546 2800  [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
15:30:55.0640 2800  usb_rndisx - ok
15:30:55.0671 2800  [ D25D99FC996A560CBDF47B3A98056501 ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
15:30:55.0687 2800  UxTuneUp - ok
15:30:55.0703 2800  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:30:55.0781 2800  VgaSave - ok
15:30:55.0781 2800  ViaIde - ok
15:30:55.0781 2800  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:30:55.0875 2800  VolSnap - ok
15:30:55.0921 2800  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
15:30:56.0031 2800  VSS - ok
15:30:56.0046 2800  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
15:30:56.0140 2800  W32Time - ok
15:30:56.0171 2800  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:30:56.0265 2800  Wanarp - ok
15:30:56.0296 2800  [ 4769596D7CC0F5FA447D2BABC239672A ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
15:30:56.0328 2800  Wdf01000 - ok
15:30:56.0343 2800  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:30:56.0421 2800  wdmaud - ok
15:30:56.0453 2800  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:30:56.0531 2800  WebClient - ok
15:30:56.0609 2800  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:30:56.0703 2800  winmgmt - ok
15:30:56.0734 2800  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
15:30:56.0765 2800  WmdmPmSN - ok
15:30:56.0781 2800  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:30:56.0828 2800  Wmi - ok
15:30:56.0843 2800  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:30:56.0937 2800  WmiApSrv - ok
15:30:57.0015 2800  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
15:30:57.0109 2800  WMPNetworkSvc - ok
15:30:57.0125 2800  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:30:57.0156 2800  WpdUsb - ok
15:30:57.0218 2800  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:30:57.0265 2800  WPFFontCache_v0400 - ok
15:30:57.0296 2800  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:30:57.0390 2800  wscsvc - ok
15:30:57.0390 2800  WSearch - ok
15:30:57.0406 2800  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:30:57.0500 2800  wuauserv - ok
15:30:57.0531 2800  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:30:57.0593 2800  WudfPf - ok
15:30:57.0609 2800  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:30:57.0640 2800  WudfRd - ok
15:30:57.0671 2800  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
15:30:57.0687 2800  WudfSvc - ok
15:30:57.0734 2800  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:30:57.0859 2800  WZCSVC - ok
15:30:57.0875 2800  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:30:57.0968 2800  xmlprov - ok
15:30:57.0984 2800  ================ Scan global ===============================
15:30:58.0015 2800  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
15:30:58.0046 2800  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:30:58.0078 2800  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:30:58.0093 2800  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
15:30:58.0093 2800  [Global] - ok
15:30:58.0093 2800  ================ Scan MBR ==================================
15:30:58.0109 2800  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
15:30:58.0343 2800  \Device\Harddisk0\DR0 - ok
15:30:58.0343 2800  ================ Scan VBR ==================================
15:30:58.0359 2800  [ D9AB17704452A1BEF0DF5830719C6190 ] \Device\Harddisk0\DR0\Partition1
15:30:58.0359 2800  \Device\Harddisk0\DR0\Partition1 - ok
15:30:58.0359 2800  ============================================================
15:30:58.0359 2800  Scan finished
15:30:58.0359 2800  ============================================================
15:30:58.0468 3656  Detected object count: 4
15:30:58.0468 3656  Actual detected object count: 4
15:32:12.0718 3656  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:12.0718 3656  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:32:12.0718 3656  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:12.0718 3656  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:32:12.0718 3656  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:12.0718 3656  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:32:12.0718 3656  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:12.0718 3656  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 


 hier steht das Log

cosinus · 19.10.2012, 15:26

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

himbeertoni2 · 19.10.2012, 16:12

Auch erledigt

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-10-18.03 - info 19.10.2012  16:35:58.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2005.1018 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\info\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\info\Anwendungsdaten\1&1
C:\Thumbs.db
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\msstdfmt.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-19 bis 2012-10-19  ))))))))))))))))))))))))))))))
.
.
2012-10-18 09:47 . 2012-10-18 09:47	--------	d-----w-	c:\programme\ESET
2012-10-15 16:14 . 2012-10-15 16:14	--------	d-----w-	c:\dokumente und einstellungen\info\Lokale Einstellungen\Anwendungsdaten\Avg2013
2012-10-15 08:09 . 2012-10-15 08:09	--------	d-----w-	c:\dokumente und einstellungen\info\Anwendungsdaten\Malwarebytes
2012-10-15 08:02 . 2012-10-15 08:02	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-10-15 08:02 . 2012-09-29 17:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-15 08:02 . 2012-10-18 11:26	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-10-15 07:21 . 2012-10-15 16:31	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2012-10-15 07:21 . 2012-10-15 07:21	--------	d--h--w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2012-10-15 07:21 . 2012-10-15 07:21	--------	d-----w-	c:\dokumente und einstellungen\info\Lokale Einstellungen\Anwendungsdaten\MFAData
2012-10-13 08:47 . 2012-10-19 10:39	--------	d-----w-	C:\Google Drive
2012-10-11 12:21 . 2012-10-11 12:21	--------	d-----w-	c:\dokumente und einstellungen\info\Anwendungsdaten\anpo.republika.pl
2012-10-11 12:19 . 2012-10-11 12:19	--------	d-----w-	c:\dokumente und einstellungen\info\Anwendungsdaten\fltk.org
2012-10-11 12:09 . 2012-10-11 12:09	98304	--sha-r-	c:\windows\system32\gsrvctr4.dll
2012-10-08 08:49 . 2012-10-13 08:04	--------	d-----w-	c:\dokumente und einstellungen\info\Anwendungsdaten\EurekaLog
2012-10-04 09:02 . 2012-10-04 09:02	--------	d-----w-	c:\programme\Garmin GPS Plugin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:02 . 2012-04-11 09:32	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:02 . 2011-09-23 15:01	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 13:26 . 2012-09-03 13:32	8265728	----a-w-	c:\windows\system32\H264IPPDLL.dll
2012-09-03 13:26 . 2012-09-03 13:32	790528	----a-w-	c:\windows\system32\TestDLL_VC5.dll
2012-09-03 13:26 . 2012-09-03 13:32	29	----a-w-	c:\windows\system32\REG.BAT
2012-09-03 13:26 . 2012-09-03 13:32	288768	----a-w-	c:\windows\system32\FLVDecoder.ax
2012-08-28 15:05 . 2004-08-16 18:30	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2004-08-16 18:18	43520	------w-	c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2004-08-16 18:17	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-16 18:16	385024	------w-	c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-16 18:31	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2004-08-16 18:22	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2004-08-04 00:50	2030080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-06 15:38 . 2012-09-08 07:18	577536	----a-w-	c:\windows\system32\ChilkatCsv.dll
2012-10-13 13:22 . 2012-10-13 13:21	261600	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-02 07:42	556056	----a-w-	c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-02 07:42	556056	----a-w-	c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-02 07:42	556056	----a-w-	c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-02 07:42	556056	----a-w-	c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]
"GoogleDriveSync"="c:\programme\Google\Drive\googledrivesync.exe" [2012-10-02 15687032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2005-04-18 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-05-04 85600]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HTC Sync Loader"="c:\programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"atchk"="c:\programme\Intel\AMT\atchk.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"SoundMAXPnP"=c:\programme\Analog Devices\Core\smax4pnp.exe
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [15.10.2012 10:02 399432]
R2 PassThru Service;Internet Pass-Through Service;c:\programme\HTC\Internet Pass-Through\PassThruSvr.exe [12.08.2011 17:13 87040]
R2 TeamViewer7;TeamViewer 7;c:\programme\TeamViewer\Version7\TeamViewer_Service.exe [16.07.2012 16:31 2673064]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [20.04.2012 07:59 92592]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [15.07.2011 11:38 1052480]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programme\Intel\AMT\UNS.exe [13.01.2010 13:16 2525720]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [15.10.2012 10:02 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11.04.2012 11:32 250808]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [24.09.2011 10:08 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.06.2010 18:01 21248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15.10.2012 10:02 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [10.05.2012 17:28 115168]
S3 SavRoam;SAVRoam;c:\programme\Symantec AntiVirus\SavRoam.exe [04.05.2005 11:06 128608]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 22208474
*Deregistered* - 22208474
*Deregistered* - EraserUtilDrv11220
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 12:02]
.
2012-10-18 c:\windows\Tasks\dagbh.job
- c:\windows\system32\gsrvctr4.dll [2012-10-11 12:09]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-11-07 18:22]
.
2012-10-19 c:\windows\Tasks\User_Feed_Synchronization-{C64888E2-EC42-4C39-97CC-CA31003B95E5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.121.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\dokumente und einstellungen\info\Anwendungsdaten\Mozilla\Firefox\Profiles\n8wx67ew.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-19 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2012-10-19  16:54:51
ComboFix-quarantined-files.txt  2012-10-19 14:54

.
Vor Suchlauf: 11 Verzeichnis(se), 43.545.698.304 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 44.918.468.608 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 10E56094A9F34260D150933EFBE39D70
         
 --- --- ---

cosinus · 19.10.2012, 16:50

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

himbeertoni2 · 20.10.2012, 08:42

Step1 GMER erledigt

Code:

ATTFilter

GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-20 09:33:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD800JD-75MSA3 rev.10.01E04
Running: 9c1mte99.exe; Driver: C:\DOKUME~1\info\LOKALE~1\Temp\fgtdapob.sys


---- System - GMER 1.0.15 ----

SSDT            8A71E528                                        ZwConnectPort

Code            \??\C:\DOKUME~1\info\LOKALE~1\Temp\catchme.sys  pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS      Das System kann die angegebene Datei nicht finden. !
?               C:\DOKUME~1\info\LOKALE~1\Temp\catchme.sys      Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                          SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                       SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                       SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                     SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                        fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                        SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
         
 --- --- ---

Osam auch erledigt

Code:

ATTFilter

 OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:52:10 on 20.10.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 16.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"dagbh.job" - ? - C:\WINDOWS\system32\gsrvctr4.dll  (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\DOKUME~1\info\LOKALE~1\Temp\catchme.sys  (File not found)
"EraserUtilDrv11220" (EraserUtilDrv11220) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
"fgtdapob" (fgtdapob) - ? - C:\DOKUME~1\info\LOKALE~1\Temp\fgtdapob.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20121019.002\naveng.sys
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20121019.002\navex15.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"SAVRT" (SAVRT) - "Symantec Corporation" - C:\Programme\Symantec AntiVirus\savrt.sys
"SAVRTPEL" (SAVRTPEL) - "Symantec Corporation" - C:\Programme\Symantec AntiVirus\Savrtpel.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Programme\Symantec\SYMEVENT.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{BDA77241-42F6-11d0-85E2-00AA001FE28C} "VpshellEx Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} "DellSystemLite.Scanner" - ? - C:\WINDOWS\Downloaded Program Files\DellSystemLite.ocx / hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
Garmin Communicator Plug-In "Garmin Communicator Plug-In" - ? -   (File not found | COM-object registry key not found) / https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_287.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\info\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"GoogleDriveSync" - "Google" - "C:\Programme\Google\Drive\googledrivesync.exe" /autostart
"TomTomHOME.exe" - "TomTom" - "C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"HTC Sync Loader" - ? - "C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"vptray" - "Symantec Corporation" - C:\PROGRA~1\SYMANT~1\VPTray.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Intel(R) Active Management Technology Local Management Service" (LMS) - "Intel" - C:\Programme\Intel\AMT\LMS.exe
"Intel(R) Active Management Technology System Status Service" (atchksrv) - "Intel Corporation" - C:\Programme\Intel\AMT\atchksrv.exe
"Intel(R) Active Management Technology User Notification Service" (UNS) - "Intel" - C:\Programme\Intel\AMT\UNS.exe
"Internet Pass-Through Service" (PassThru Service) - ? - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"SAVRoam" (SavRoam) - "symantec" - C:\Programme\Symantec AntiVirus\SavRoam.exe
"Symantec AntiVirus" (Symantec AntiVirus) - "Symantec Corporation " - C:\Programme\Symantec AntiVirus\Rtvscan.exe
"Symantec AntiVirus Definition Watcher" (DefWatch) - "Symantec Corporation" - C:\Programme\Symantec AntiVirus\DefWatch.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Password Validation" (ccPwdSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"Symantec SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"NavLogon" - "Symantec Corporation" - C:\WINDOWS\system32\NavLogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR auch ausgeführt, hier wurde was gefunden und rot markiert im Programm
10:06:06.390 File: C:\WINDOWS\system32\gsrvctr4.dll **INFECTED** Win32:Crypt-NYP [Trj]

Code:

ATTFilter

 


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-20 09:57:08
-----------------------------
09:57:08.812    OS Version: Windows 5.1.2600 Service Pack 3
09:57:08.812    Number of processors: 2 586 0xF0B
09:57:08.812    ComputerName: USER9  UserName: info
09:57:09.187    Initialize success
10:00:50.046    AVAST engine defs: 12101901
10:02:48.250    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
10:02:48.250    Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
10:02:48.281    Disk 0 MBR read successfully
10:02:48.281    Disk 0 MBR scan
10:02:48.312    Disk 0 Windows XP default MBR code
10:02:48.328    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76293 MB offset 63
10:02:48.359    Disk 0 scanning sectors +156248190
10:02:48.546    Disk 0 scanning C:\WINDOWS\system32\drivers
10:03:17.515    Service scanning
10:03:33.062    Modules scanning
10:04:01.859    Disk 0 trace - called modules:
10:04:01.875    ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
10:04:01.875    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8c0ab8]
10:04:01.890    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8a8c4d98]
10:04:02.281    AVAST engine scan C:\WINDOWS
10:04:53.109    AVAST engine scan C:\WINDOWS\system32
10:06:06.390    File: C:\WINDOWS\system32\gsrvctr4.dll  **INFECTED** Win32:Crypt-NYP [Trj]
10:12:20.609    AVAST engine scan C:\WINDOWS\system32\drivers
10:13:13.265    AVAST engine scan C:\Dokumente und Einstellungen\info
10:21:51.281    AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:23:39.500    Scan finished successfully
10:24:48.312    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\info\Desktop\MBR.dat"
10:24:48.328    The log file has been saved successfully to "C:\Dokumente und Einstellungen\info\Desktop\aswMBR.txt"

cosinus · 21.10.2012, 12:04

Hm, tatsächlich, diese Datei ist mir nicht aufgefallen

Code:

ATTFilter

C:\WINDOWS\system32\gsrvctr4.dll

Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

himbeertoni2 · 22.10.2012, 08:15

Moin, moin,
Klappt leider nicht, es steht schon eine viertel Stunde und zwar:

Uploading file...

Please wait, do not close the window until the upload ends.

The time required for this operation depends on the file size, the net load and your connection speed.

Computing hash...

Virenscanner ist aus.
Entweder mach ich was falsch, oder die Seite funktioniert nicht.

Der Fortschrittsbalken läuft auch nicht los.

cosinus · 22.10.2012, 11:30

Mach bitte einen OTL-Fix mit diesem Script:

Code:

ATTFilter

:Files
C:\WINDOWS\system32\gsrvctr4.dll
:Commands
[emptytemp]

himbeertoni2 · 22.10.2012, 11:55

Ich sag mal ganz vorsichtig und leise: Yappadappaduh!
Hab grad mal gegoogelt und er hat sich ordentlich verhalten.
Sollte der Trojaner weiter zum nächsten armen Würstchen gezogen sein?

Grüße

Code:

ATTFilter



All processes killed
========== FILES ==========
C:\WINDOWS\system32\gsrvctr4.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: info
->Temp folder emptied: 75874800 bytes
->Temporary Internet Files folder emptied: 62401490 bytes
->Java cache emptied: 286075 bytes
->FireFox cache emptied: 238629813 bytes
->Google Chrome cache emptied: 6390938 bytes
->Flash cache emptied: 58364 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 373795 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 368,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10222012_124131

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\ExchangePerflog_8484fa31e5afde6bcfcccd43.dat moved successfully.
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRF{08D86AAA-B8F9-41AA-9B48-CA033E2A2D05}.tmp moved successfully.
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{566ED568-B76B-4463-8925-401CF128D8D6}.tmp moved successfully.
File\Folder C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{775AF0E1-B1F2-496E-9061-391C9E0631AB}.tmp not found!
File\Folder C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{AA710315-D5DD-4A73-B796-366FC5C27C8A}.tmp not found!
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{AA8778B9-7E90-4BE6-940D-EB81705D36F6}.tmp moved successfully.
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{C3166E29-E135-4407-8ADD-900D8BE5195D}.tmp moved successfully.
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{E7C4EA87-E60F-4414-9359-82F6176786AE}.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 22.10.2012, 12:25

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

himbeertoni2 · 22.10.2012, 12:45

Erledigt...

cosinus · 22.10.2012, 13:30

Danke, hier ist die Zecke

=> https://www.virustotal.com/file/99f8...is/1350908865/

Noch schlechte Erkennungsraten

Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

22.10.2012, 11:30	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Falsche Seiten bei Internetexplorer und Firefox werden aufgerufen Mach bitte einen OTL-Fix mit diesem Script: Code: ATTFilter :Files C:\WINDOWS\system32\gsrvctr4.dll :Commands [emptytemp] __________________ Logfiles bitte immer in CODE-Tags posten

Falsche Seiten bei Internetexplorer und Firefox werden aufgerufen

Plagegeister aller Art und deren Bekämpfung: Falsche Seiten bei Internetexplorer und Firefox werden aufgerufen