GMX Abuse meldet mir Infizierung mit Virus "Zeus"

cosinus · 26.04.2013, 09:12

Ja probier bitte aus

Costanzo · 26.04.2013, 09:28

Zitat:

Zitat von cosinus

Ja probier bitte aus

Ok, Wiederherstellung Montag scheint zu funktionieren.

cosinus · 26.04.2013, 09:58

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Costanzo · 26.04.2013, 10:43

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Microsoft Windows XP x86
Ran by elsaesser on 26.04.2013 at 11:15:46.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1529201136-1576731350-2773778870-1129\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\mozilla\firefox\profiles\srkvwtv1.default\user.js
Emptied folder: C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\mozilla\firefox\profiles\srkvwtv1.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.04.2013 at 11:20:26.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW Cleaner:

Code:

ATTFilter

# AdwCleaner v2.202 - Datei am 26/04/2013 um 11:23:47 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : elsaesser - HP-LABOR-4
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

***** [Internet Browser] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Dokumente und Einstellungen\traxler\Anwendungsdaten\Mozilla\Firefox\Profiles\l4b9jhkl.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Dokumente und Einstellungen\werkcad\Anwendungsdaten\Mozilla\Firefox\Profiles\p7kft8qd.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ioov3c3d.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v9.0.597.94

Datei : C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2066 octets] - [26/04/2013 11:23:47]

########## EOF - C:\AdwCleaner[S1].txt - [2126 octets] ##########

OTL:

Code:

ATTFilter

OTL logfile created on: 26.04.2013 11:31:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\elsaesser\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.98% Memory free
3.84 Gb Paging File | 3.57 Gb Available in Paging File | 92.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.88 Gb Total Space | 200.69 Gb Free Space | 86.18% Space Free | Partition Type: NTFS
Drive P: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive Q: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive R: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive T: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive U: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive V: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive W: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive X: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive Z: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
 
Computer Name: HP-LABOR-4 | User Name: elsaesser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA)
PRC - C:\Programme\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Programme\Norman\Npm\Bin\zlh.exe (Norman ASA)
PRC - C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA)
PRC - C:\Programme\Norman\Nvc\Bin\nip.exe (Norman ASA)
PRC - C:\Programme\Norman\Nvc\Bin\cclaw.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\njeeves.exe ()
PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Programme\Norman\Npm\Bin\njeeves.exe ()
MOD - C:\Programme\Norman\Nvc\Bin\ndlg.dll ()
MOD - C:\Programme\Norman\Npm\Bin\noemrc.dll ()
MOD - C:\Programme\Norman\Npm\Bin\nqtcore4.dll ()
MOD - C:\Programme\Norman\Npm\Bin\lua.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (nsesvc) -- C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (NormanZfr) -- C:\Programme\Norman\Npm\Bin\zfr.exe (Norman ASA)
SRV - (nvcoas) -- C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA)
SRV - (NVOY) -- C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\njeeves.exe ()
SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (msvsmon90) -- C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (pdfcDispatcher) -- C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (TetaSCDevice) -- C:\WINDOWS\system32\tetascop.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found
DRV - (Changer) --  File not found
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\ndiskio.sys (Norman ASA)
DRV - (nnetsec) -- C:\WINDOWS\system32\drivers\nnetsec.sys (Norman ASA)
DRV - (NNetSecC) -- C:\Programme\Norman\Ngs\Bin\nnetsecc.sys (Norman ASA)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (NGS) -- c:\Programme\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (VirtualCom) -- C:\WINDOWS\system32\drivers\glvsp.sys (OEM(CI))
DRV - (npdrv) -- C:\WINDOWS\system32\drivers\npdrv.sys (Moxa Technologies Co., Ltd. )
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)
DRV - (SSIPDDP) -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ch"
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: %7B9d1f059c-cada-4111-9696-41a62d64e3ba%7D:0.10.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.02.01 10:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.14 12:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.25 08:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.02.01 10:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2013.02.25 08:47:19 | 000,000,000 | ---D | M]
 
[2010.10.27 08:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Extensions
[2010.10.27 08:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.03 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions
[2012.12.03 17:48:46 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2012.10.26 13:30:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.11.30 16:31:32 | 000,025,781 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.10.26 13:30:47 | 000,021,093 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2008.08.27 08:42:46 | 000,001,660 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\searchplugins\leo-deu-eng.xml
[2012.11.30 16:31:53 | 000,001,330 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\searchplugins\wikipedia-en.xml
[2013.01.14 12:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.14 12:31:59 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2013.02.01 10:07:55 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2013.01.14 12:31:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.14 12:31:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.01.14 12:31:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.14 12:31:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.14 12:31:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.14 12:31:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2013.04.25 13:41:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\npm\bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129..\Run: [Zoubyd] C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe (InnoTech Co. Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\Rohner\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UNITONAG.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64DE5CA8-5EBE-4D7E-9F58-2752C0D78815}: NameServer = 192.168.1.6,0.0.0.0
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.13 13:26:36 | 000,001,120 | ---- | M] () - Q:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.01.26 12:27:12 | 000,000,000 | ---D | M] - Z:\AutoCAD -- [ NTFS ]
O32 - AutoRun File - [2007.07.16 11:02:02 | 000,000,000 | ---D | M] - Z:\autosketch -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 11:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.04.26 11:14:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.26 11:12:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe
[2013.04.26 11:11:35 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\JRT.exe
[2013.04.26 10:21:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.04.26 10:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WINDOWS
[2013.04.26 10:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013.04.26 10:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2013.04.26 10:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\html
[2013.04.25 13:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.04.25 13:33:26 | 000,000,000 | ---D | C] -- C:\cmdcons
[2013.04.25 13:18:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.25 13:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.04.24 08:05:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.04.24 08:05:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.04.22 15:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\elsaesser\Desktop\DMAX Soft Version 2.16 Beta 2
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 11:31:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 11:29:02 | 000,018,642 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2013.04.26 11:27:29 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013.04.26 11:27:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013.04.26 11:27:10 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013.04.26 11:27:07 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 11:27:05 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_elsaesser.job
[2013.04.26 11:26:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.26 11:26:00 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 11:12:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe
[2013.04.26 11:12:29 | 000,619,461 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe
[2013.04.26 11:11:36 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\JRT.exe
[2013.04.26 11:09:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.26 09:51:50 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\sysdata.xml
[2013.04.26 09:30:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.26 08:41:51 | 000,500,102 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.26 08:41:51 | 000,482,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.26 08:41:51 | 000,086,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.26 08:41:50 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.25 13:41:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.04.24 10:10:00 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\defogger_reenable
[2013.04.22 18:11:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_elsaesser.job
[2013.04.22 18:09:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_elsaesser.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.26 11:12:29 | 000,619,461 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe
[2013.04.26 10:24:46 | 2138,365,952 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.26 09:51:50 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\sysdata.xml
[2013.04.25 13:33:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.04.25 13:33:29 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.04.24 10:10:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\defogger_reenable
[2013.04.22 18:09:01 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_elsaesser.job
[2013.04.22 18:09:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_elsaesser.job
[2013.04.22 18:09:00 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_elsaesser.job
[2013.04.22 15:24:58 | 045,407,693 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\DMAX Soft Version 2.16 Beta 2.zip
[2011.09.14 16:45:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2011.06.24 14:03:34 | 000,002,164 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\.recently-used.xbel
[2011.05.12 16:12:19 | 000,000,236 | ---- | C] () -- C:\WINDOWS\DsmDwnld.INI
[2011.05.12 16:08:48 | 000,000,063 | ---- | C] () -- C:\WINDOWS\DSMProgrammer.INI
[2011.05.12 13:20:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\C63.INI
[2009.02.26 17:01:58 | 000,019,938 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\MPS Icon 24x24 bis 128x128#.2009_02_26_16_01_58.1
[2009.02.26 17:01:58 | 000,014,466 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Neues Dokument 1.2009_02_26_16_01_58.0
[2009.01.21 18:29:48 | 000,191,440 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2008.12.17 09:47:30 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.11 10:07:20 | 000,179,545 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\debuggee.mdmp
[2008.05.08 09:28:27 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.05.06 07:59:33 | 000,002,412 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2008.05.05 01:37:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006.02.28 14:00:00 | 001,492,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004.08.04 09:57:20 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 09:57:38 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 26.04.2013 11:31:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\elsaesser\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.98% Memory free
3.84 Gb Paging File | 3.57 Gb Available in Paging File | 92.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.88 Gb Total Space | 200.69 Gb Free Space | 86.18% Space Free | Partition Type: NTFS
Drive P: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive Q: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive R: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive T: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive U: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive V: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive W: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive X: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
Drive Z: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS
 
Computer Name: HP-LABOR-4 | User Name: elsaesser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- C:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.txt [@ = UltraEdit.txt] -- C:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
 
[HKEY_USERS\S-1-5-21-1529201136-1576731350-2773778870-1129\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\mcuez\prog\motpm.exe" = C:\Programme\mcuez\prog\motpm.exe:*:Enabled:motpm
"C:\Programme\mcuez\prog\mcuez.exe" = C:\Programme\mcuez\prog\mcuez.exe:*:Enabled:MCUez EXE -- (Motorola)
"C:\Programme\mcuez\prog\Launcher.exe" = C:\Programme\mcuez\prog\Launcher.exe:*:Enabled:Launcher
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B92A11C-F48F-430A-AB8D-3F7CA80669CD}" = SDMSSplash
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{860CEC95-75B3-461F-B0C6-0BD96B0C4A14}" = PMD Software Suite
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8BD1F2E9-AE66-4E1B-8B09-BECFF831C905}" = Norman Endpoint Protection
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B02F7022-0267-4D7E-94AE-E57A99162E77}" = MPS Tools
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B461FE96-6E19-44E6-A621-938493D9AF35}" = MPS Software Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C152E341-135F-4F23-BF0C-D593C04A7D18}" = PMD Tools
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF787A9E-CFB5-42A0-A490-2C169DB7C1F5}" = SigmaStudio 3.0
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FEF07CF4-5834-4AF1-9DEA-9EE94B53C6EB}" = PhotoS
"7-Zip" = 7-Zip 4.62
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoSketch v5.0" = AutoSketch
"BC2_is1" = Beyond Compare Version 2.5.3
"Cool Edit 2000" = Cool Edit 2000
"Cool Edit 96" = Cool Edit 96
"CW6812BDeinstKey" = IAR 68HC12 C-SPY BDM-Debugger
"Diagram Designer" = Diagram Designer
"DMAX Software Suite" = DMAX Software Suite
"DMAX Tools" = DMAX Tools
"EW6812DeinstKey" = IAR 6812 Embedded Workbench
"Fotosizer" = Fotosizer 1.18
"FotoSketcher_is1" = FotoSketcher - Version 1.6
"FreePDF_XP" = FreePDF (Remove only)
"FT_INF" = FT_INF
"FuH_Docklight_V1_7_is1" = Docklight V1.7
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HelpNDoc_is1" = HelpNDoc 2.6.0.74 Standard Edition
"HTML Help Workshop" = HTML Help Workshop
"IconWorkshop" = Axialis IconWorkshop 6.31
"Inkscape" = Inkscape 0.48.0
"Install Creator Pro" = Install Creator Pro
"Install Maker Pro" = Install Maker Pro
"IrfanView" = IrfanView (remove only)
"Lexmark Printer Software Uninstall" = Lexmark Drucker-Software deinstallieren
"MCUez for  HC12 Development Tools" = MCUez for HC12 Development Tools
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MProg 3.0a" = MProg 3.0a
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NetMos Technology" = NetMos Multi-IO Controller
"NPort Administration Suite_is1" = NPort Administration Suite Ver1.10
"Office8.0" = Microsoft Office 97, Professional Edition
"Orcad Family Release 9.2 Standalone" = Orcad Family Release 9.2 Standalone
"PDF Complete" = PDF Complete
"Photo To Sketch_is1" = Photo To Sketch 3.51
"PhotoFiltre" = PhotoFiltre
"PMPSoft" = PMPSoft
"PrintKey2000" = PrintKey2000
"Professional Screen Saver Producer" = Axialis Professional Screen Saver Producer 3.6
"PSPad editor_is1" = PSPad editor
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 16.0" = RealPlayer
"Realterm" = Realterm 2.0.0.43
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SLSSoft" = SLSSoft
"Unlocker" = Unlocker 1.8.5
"Visual C++ 6.0 Professional Edition" = Microsoft Visual C++ 6.0 Professional Edition
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.0
"WIC" = Windows Imaging Component
"WinGimp-2.0_is1" = GIMP 2.6.11
"Winmail Opener" = Winmail Opener 1.4
"WinPcapInst" = WinPcap 4.0.2
"Wireshark" = Wireshark 0.99.7
"XnView_is1" = XnView 1.94.2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1529201136-1576731350-2773778870-1129\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DMAX Adjust" = DMAX Adjust
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.05.2009 07:28:03 | Computer Name = HP-LABOR-4 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3053 - Schwerwiegender Fehler im Ausführungsmodul
 (7A2E0F92) (0).
 
Error - 11.06.2009 07:01:49 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cspy.exe, Version 2.0.0.17, fehlgeschlagenes
 Modul b6812.cdr, Version 2.1.0.2, Fehleradresse 0x00015546.
 
Error - 03.07.2009 03:15:33 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dmax sound.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000064.
 
Error - 08.07.2009 02:19:08 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.2180, Fehleradresse 0x00064ed1.
 
Error - 10.07.2009 04:18:27 | Computer Name = HP-LABOR-4 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3053 - Schwerwiegender Fehler im Ausführungsmodul
 (7A097706) (80131506).
 
Error - 10.07.2009 04:18:43 | Computer Name = HP-LABOR-4 | Source = Microsoft Visual Studio | ID = 1000
Description = Faulting application devenv.exe, version 9.0.30729.1, stamp 488f2b50,
 faulting module mscordbi.dll, version 2.0.50727.3053, stamp 4889dc56, debug? 0,
 fault address 0x000024f8.
 
Error - 10.07.2009 04:20:37 | Computer Name = HP-LABOR-4 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3053 - Schwerwiegender Fehler im Ausführungsmodul
 (7A097706) (80131506).
 
Error - 17.07.2009 09:05:02 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dsm.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul dsm.exe, Version 1.0.0.1, Fehleradresse 0x00018c55.
 
Error - 29.07.2009 03:08:26 | Computer Name = HP-LABOR-4 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3053 - Schwerwiegender Fehler im Ausführungsmodul
 (7A2E0F92) (0).
 
Error - 30.07.2009 06:51:25 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.0.3372, fehlgeschlagenes
 Modul npswf32.dll, Version 9.0.124.0, Fehleradresse 0x0022b773.
 
[ System Events ]
Error - 16.04.2037 08:02:36 | Computer Name = HP-LABOR-4 | Source = NETLOGON | ID = 3224
Description = Das Ändern des Kennworts für das Computerkonto HP-LABOR-4$ ist fehlgeschlagen.
Folgender
 Fehler ist aufgetreten:   %%8206
 
 
< End of report >

cosinus · 26.04.2013, 15:08

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Costanzo · 26.04.2013, 15:55

aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-26 16:27:00
-----------------------------
16:27:00.312    OS Version: Windows 5.1.2600 Service Pack 2
16:27:00.312    Number of processors: 2 586 0xF02
16:27:00.312    ComputerName: HP-LABOR-4  UserName: elsaesser
16:27:00.953    Initialize success
16:31:17.546    AVAST engine defs: 13042600
16:31:41.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:31:41.140    Disk 0 Vendor: ST3250310AS 3.AHB Size: 238475MB BusType: 3
16:31:41.375    Disk 0 MBR read successfully
16:31:41.375    Disk 0 MBR scan
16:31:41.390    Disk 0 Windows XP default MBR code
16:31:41.390    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238464 MB offset 63
16:31:41.406    Disk 0 scanning sectors +488376000
16:31:41.656    Disk 0 scanning C:\WINDOWS\system32\drivers
16:32:00.687    Service scanning
16:32:39.625    Modules scanning
16:32:45.015    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
16:32:46.703    Disk 0 trace - called modules:
16:32:46.718    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
16:32:47.218    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89da2ab8]
16:32:47.218    3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000067[0x89dc7f18]
16:32:47.218    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89dc6d98]
16:32:47.718    AVAST engine scan C:\WINDOWS
16:32:56.734    AVAST engine scan C:\WINDOWS\system32
16:38:27.093    AVAST engine scan C:\WINDOWS\system32\drivers
16:39:09.703    AVAST engine scan C:\Dokumente und Einstellungen\elsaesser
16:39:37.218    File: C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe  **INFECTED** Win32:Malware-gen
16:49:47.359    AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:50:41.593    Scan finished successfully
16:51:07.234    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\elsaesser\Desktop\MBR.dat"
16:51:07.234    The log file has been saved successfully to "C:\Dokumente und Einstellungen\elsaesser\Desktop\aswMBR.txt"

TDSS-Killer:

Code:

ATTFilter

16:51:51.0687 2792  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:51:52.0093 2792  ============================================================
16:51:52.0093 2792  Current date / time: 2013/04/26 16:51:52.0093
16:51:52.0093 2792  SystemInfo:
16:51:52.0093 2792  
16:51:52.0093 2792  OS Version: 5.1.2600 ServicePack: 2.0
16:51:52.0093 2792  Product type: Workstation
16:51:52.0093 2792  ComputerName: HP-LABOR-4
16:51:52.0093 2792  UserName: elsaesser
16:51:52.0093 2792  Windows directory: C:\WINDOWS
16:51:52.0093 2792  System windows directory: C:\WINDOWS
16:51:52.0093 2792  Processor architecture: Intel x86
16:51:52.0093 2792  Number of processors: 2
16:51:52.0093 2792  Page size: 0x1000
16:51:52.0093 2792  Boot type: Normal boot
16:51:52.0093 2792  ============================================================
16:51:54.0250 2792  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:51:54.0250 2792  ============================================================
16:51:54.0250 2792  \Device\Harddisk0\DR0:
16:51:54.0250 2792  MBR partitions:
16:51:54.0250 2792  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
16:51:54.0250 2792  ============================================================
16:51:54.0281 2792  C: <-> \Device\Harddisk0\DR0\Partition1
16:51:54.0281 2792  ============================================================
16:51:54.0281 2792  Initialize success
16:51:54.0281 2792  ============================================================
16:52:19.0437 2200  ============================================================
16:52:19.0437 2200  Scan started
16:52:19.0437 2200  Mode: Manual; SigCheck; TDLFS; 
16:52:19.0437 2200  ============================================================
16:52:19.0953 2200  ================ Scan system memory ========================
16:52:20.0906 2200  System memory - ok
16:52:20.0906 2200  ================ Scan services =============================
16:52:21.0031 2200  Abiosdsk - ok
16:52:21.0031 2200  abp480n5 - ok
16:52:21.0062 2200  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
16:52:21.0640 2200  ac97intc - ok
16:52:21.0671 2200  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:52:21.0812 2200  ACPI - ok
16:52:21.0828 2200  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
16:52:22.0000 2200  ACPIEC - ok
16:52:22.0109 2200  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:52:22.0281 2200  AdobeFlashPlayerUpdateSvc - ok
16:52:22.0281 2200  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:52:22.0406 2200  adpu160m - ok
16:52:22.0421 2200  [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320         C:\WINDOWS\system32\DRIVERS\adpu320.sys
16:52:22.0468 2200  adpu320 ( UnsignedFile.Multi.Generic ) - warning
16:52:22.0468 2200  adpu320 - detected UnsignedFile.Multi.Generic (1)
16:52:22.0500 2200  [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
16:52:22.0656 2200  aec - ok
16:52:22.0671 2200  [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD             C:\WINDOWS\System32\drivers\afd.sys
16:52:22.0859 2200  AFD - ok
16:52:22.0859 2200  Aha154x - ok
16:52:22.0859 2200  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:52:23.0000 2200  aic78u2 - ok
16:52:23.0000 2200  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:52:23.0109 2200  aic78xx - ok
16:52:23.0156 2200  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
16:52:23.0265 2200  Alerter - ok
16:52:23.0296 2200  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             C:\WINDOWS\System32\alg.exe
16:52:23.0453 2200  ALG - ok
16:52:23.0453 2200  AliIde - ok
16:52:23.0453 2200  amsint - ok
16:52:23.0484 2200  [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
16:52:23.0578 2200  AppMgmt - ok
16:52:23.0578 2200  asc - ok
16:52:23.0578 2200  asc3350p - ok
16:52:23.0593 2200  asc3550 - ok
16:52:23.0718 2200  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:52:23.0828 2200  aspnet_state - ok
16:52:23.0859 2200  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:52:23.0984 2200  AsyncMac - ok
16:52:24.0031 2200  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
16:52:24.0109 2200  atapi - ok
16:52:24.0109 2200  Atdisk - ok
16:52:24.0109 2200  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:52:24.0265 2200  Atmarpc - ok
16:52:24.0312 2200  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
16:52:24.0406 2200  AudioSrv - ok
16:52:24.0421 2200  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
16:52:24.0562 2200  audstub - ok
16:52:24.0609 2200  [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:52:24.0671 2200  b57w2k ( UnsignedFile.Multi.Generic ) - warning
16:52:24.0671 2200  b57w2k - detected UnsignedFile.Multi.Generic (1)
16:52:24.0687 2200  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
16:52:24.0812 2200  Beep - ok
16:52:24.0859 2200  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
16:52:25.0015 2200  BITS - ok
16:52:25.0062 2200  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         C:\WINDOWS\System32\browser.dll
16:52:25.0171 2200  Browser - ok
16:52:25.0218 2200  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
16:52:25.0328 2200  cbidf2k - ok
16:52:25.0328 2200  cd20xrnt - ok
16:52:25.0359 2200  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
16:52:25.0500 2200  Cdaudio - ok
16:52:25.0515 2200  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
16:52:25.0671 2200  Cdfs - ok
16:52:25.0703 2200  [ 7B53584D94E9D8716B2DE91D5F1CB42D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:52:25.0781 2200  Cdrom - ok
16:52:25.0796 2200  Changer - ok
16:52:25.0812 2200  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           C:\WINDOWS\system32\cisvc.exe
16:52:25.0984 2200  CiSvc - ok
16:52:26.0015 2200  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
16:52:26.0140 2200  ClipSrv - ok
16:52:26.0156 2200  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:52:26.0296 2200  clr_optimization_v2.0.50727_32 - ok
16:52:26.0296 2200  CmdIde - ok
16:52:26.0296 2200  COMSysApp - ok
16:52:26.0312 2200  Cpqarray - ok
16:52:26.0343 2200  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
16:52:26.0468 2200  CryptSvc - ok
16:52:26.0484 2200  dac2w2k - ok
16:52:26.0484 2200  dac960nt - ok
16:52:26.0531 2200  [ 9F28FF58D6D67B123272869D89D14004 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:52:26.0656 2200  DcomLaunch - ok
16:52:26.0703 2200  [ 81CDBF47D6FF9CF08672A0C877CE38C8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
16:52:26.0796 2200  Dhcp - ok
16:52:26.0828 2200  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
16:52:26.0968 2200  Disk - ok
16:52:27.0031 2200  [ 5A29679449029A82DF994B862B7D0DE0 ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:52:27.0093 2200  DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0093 2200  DLABOIOM - detected UnsignedFile.Multi.Generic (1)
16:52:27.0093 2200  [ 7581407A6A3C56860AE31E6E423FE824 ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:52:27.0156 2200  DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0156 2200  DLACDBHM - detected UnsignedFile.Multi.Generic (1)
16:52:27.0171 2200  [ A5DC84AEB8FBEEFE4C984B8755718B95 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS
16:52:27.0265 2200  DLADResN ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0265 2200  DLADResN - detected UnsignedFile.Multi.Generic (1)
16:52:27.0265 2200  [ 29E86B3DBCC0CCF2DCC12191BA17EB2B ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:52:27.0375 2200  DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0375 2200  DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
16:52:27.0375 2200  [ 3D3CA499291FAB9966198C2C1CA7043F ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:52:27.0453 2200  DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0453 2200  DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
16:52:27.0453 2200  [ CE8032966E6C15EF980C7CD0810ED5D0 ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:52:27.0531 2200  DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0531 2200  DLAPoolM - detected UnsignedFile.Multi.Generic (1)
16:52:27.0562 2200  [ 693DFD92D41A3D270053CD97834E4960 ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
16:52:27.0640 2200  DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0640 2200  DLARTL_N - detected UnsignedFile.Multi.Generic (1)
16:52:27.0656 2200  [ E79432D1BF255854A0006FBA9682473A ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:52:27.0734 2200  DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0734 2200  DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
16:52:27.0750 2200  [ 095F713890FC229FA0C70DFFD04FFCC3 ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:52:27.0843 2200  DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
16:52:27.0843 2200  DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
16:52:27.0843 2200  dmadmin - ok
16:52:27.0890 2200  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
16:52:28.0140 2200  dmboot - ok
16:52:28.0171 2200  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
16:52:28.0343 2200  dmio - ok
16:52:28.0343 2200  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
16:52:28.0468 2200  dmload - ok
16:52:28.0484 2200  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
16:52:28.0578 2200  dmserver - ok
16:52:28.0593 2200  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
16:52:28.0718 2200  DMusic - ok
16:52:28.0718 2200  [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:52:28.0859 2200  Dnscache - ok
16:52:28.0875 2200  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:52:28.0984 2200  dpti2o - ok
16:52:28.0984 2200  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
16:52:29.0140 2200  drmkaud - ok
16:52:29.0156 2200  [ D626B0037E3585C12520F1E5CD67DFDE ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:52:29.0234 2200  DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
16:52:29.0234 2200  DRVMCDB - detected UnsignedFile.Multi.Generic (1)
16:52:29.0234 2200  [ 2AEEE1600D0F14BA535F90A1F4411B54 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:52:29.0296 2200  DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
16:52:29.0296 2200  DRVNDDM - detected UnsignedFile.Multi.Generic (1)
16:52:29.0312 2200  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:52:29.0453 2200  E100B - ok
16:52:29.0640 2200  [ 47E646AFBF2CBC2E64844A8AC34C725D ] eLoggerSvc6     C:\Programme\Norman\Npm\Bin\Elogsvc.exe
16:52:29.0718 2200  eLoggerSvc6 - ok
16:52:29.0750 2200  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
16:52:29.0859 2200  ERSvc - ok
16:52:29.0906 2200  [ EDB6B81761BD60F32F740BBC40AFB676 ] Eventlog        C:\WINDOWS\system32\services.exe
16:52:30.0125 2200  Eventlog - ok
16:52:30.0156 2200  [ 4E1A8645EE77CB9454FFE53C59620A25 ] EventSystem     C:\WINDOWS\system32\es.dll
16:52:30.0312 2200  EventSystem - ok
16:52:30.0359 2200  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
16:52:30.0906 2200  Fastfat - ok
16:52:30.0953 2200  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:52:31.0078 2200  FastUserSwitchingCompatibility - ok
16:52:31.0093 2200  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
16:52:31.0234 2200  Fdc - ok
16:52:31.0281 2200  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
16:52:31.0406 2200  Fips - ok
16:52:31.0437 2200  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:52:31.0593 2200  Flpydisk - ok
16:52:31.0640 2200  [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:52:31.0734 2200  FltMgr - ok
16:52:31.0812 2200  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:52:31.0843 2200  FontCache3.0.0.0 - ok
16:52:31.0843 2200  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:52:31.0968 2200  Fs_Rec - ok
16:52:31.0968 2200  FTD2XX - ok
16:52:32.0000 2200  [ F443589225D1BE41F686ED736926CA64 ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
16:52:32.0078 2200  FTDIBUS - ok
16:52:32.0109 2200  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:52:32.0281 2200  Ftdisk - ok
16:52:32.0312 2200  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:52:32.0468 2200  Gpc - ok
16:52:32.0562 2200  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
16:52:32.0578 2200  gupdate - ok
16:52:32.0578 2200  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
16:52:32.0593 2200  gupdatem - ok
16:52:32.0625 2200  [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
16:52:32.0703 2200  HdAudAddService - ok
16:52:32.0734 2200  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:52:32.0859 2200  HDAudBus - ok
16:52:32.0953 2200  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:52:33.0093 2200  helpsvc - ok
16:52:33.0093 2200  HidServ - ok
16:52:33.0109 2200  hpn - ok
16:52:33.0156 2200  [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
16:52:33.0375 2200  HTTP - ok
16:52:33.0390 2200  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
16:52:33.0500 2200  HTTPFilter - ok
16:52:33.0500 2200  i2omgmt - ok
16:52:33.0500 2200  i2omp - ok
16:52:33.0515 2200  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:52:33.0671 2200  i8042prt - ok
16:52:33.0687 2200  [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x            C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
16:52:33.0828 2200  i81x - ok
16:52:33.0875 2200  [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0         C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
16:52:34.0015 2200  iAimFP0 - ok
16:52:34.0015 2200  [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1         C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
16:52:34.0156 2200  iAimFP1 - ok
16:52:34.0156 2200  [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2         C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
16:52:34.0296 2200  iAimFP2 - ok
16:52:34.0296 2200  [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3         C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
16:52:34.0421 2200  iAimFP3 - ok
16:52:34.0437 2200  [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4         C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
16:52:34.0562 2200  iAimFP4 - ok
16:52:34.0562 2200  [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5         C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
16:52:34.0703 2200  iAimFP5 - ok
16:52:34.0703 2200  [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6         C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
16:52:34.0828 2200  iAimFP6 - ok
16:52:34.0828 2200  [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7         C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
16:52:34.0968 2200  iAimFP7 - ok
16:52:34.0968 2200  [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0         C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
16:52:35.0125 2200  iAimTV0 - ok
16:52:35.0125 2200  [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1         C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
16:52:35.0250 2200  iAimTV1 - ok
16:52:35.0265 2200  [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3         C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
16:52:35.0375 2200  iAimTV3 - ok
16:52:35.0375 2200  [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4         C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
16:52:35.0515 2200  iAimTV4 - ok
16:52:35.0546 2200  [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5         C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
16:52:35.0671 2200  iAimTV5 - ok
16:52:35.0687 2200  [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6         C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
16:52:35.0796 2200  iAimTV6 - ok
16:52:35.0859 2200  [ 0674CE8AE167D830B871A99C677C5C59 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:52:36.0015 2200  ialm - ok
16:52:36.0093 2200  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:52:36.0265 2200  idsvc - ok
16:52:36.0296 2200  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
16:52:36.0421 2200  Imapi - ok
16:52:36.0468 2200  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
16:52:36.0671 2200  ImapiService - ok
16:52:36.0687 2200  ini910u - ok
16:52:36.0812 2200  [ 418FE3A08346CCCA61BC9A04457F46CF ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:52:37.0671 2200  IntcAzAudAddService - ok
16:52:37.0687 2200  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
16:52:37.0843 2200  IntelIde - ok
16:52:37.0859 2200  [ C1C2CC1DA79C5EE10457EF0A3B8568C7 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:52:37.0984 2200  intelppm - ok
16:52:37.0984 2200  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:52:38.0109 2200  Ip6Fw - ok
16:52:38.0109 2200  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:52:38.0234 2200  IpFilterDriver - ok
16:52:38.0250 2200  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:52:38.0390 2200  IpInIp - ok
16:52:38.0406 2200  [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:52:38.0578 2200  IpNat - ok
16:52:38.0593 2200  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:52:38.0734 2200  IPSec - ok
16:52:38.0734 2200  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
16:52:38.0828 2200  IRENUM - ok
16:52:38.0859 2200  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:52:39.0000 2200  isapnp - ok
16:52:39.0109 2200  [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
16:52:39.0234 2200  JavaQuickStarterService - ok
16:52:39.0265 2200  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:52:39.0406 2200  Kbdclass - ok
16:52:39.0421 2200  [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
16:52:39.0593 2200  kmixer - ok
16:52:39.0609 2200  [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
16:52:39.0703 2200  KSecDD - ok
16:52:39.0750 2200  [ 36D74668F5448D55887FA3958488DC06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:52:39.0843 2200  lanmanworkstation - ok
16:52:39.0984 2200  [ 656B09EE2900B00B5D9874DA513A9ED3 ] Lavasoft Ad-Aware Service C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
16:52:40.0406 2200  Lavasoft Ad-Aware Service - ok
16:52:40.0437 2200  [ 0BD6D3F477DF86420DE942A741DABE37 ] Lavasoft Kernexplorer C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
16:52:40.0546 2200  Lavasoft Kernexplorer - ok
16:52:40.0593 2200  [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd             C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:52:40.0671 2200  Lbd - ok
16:52:40.0671 2200  lbrtfdc - ok
16:52:40.0734 2200  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
16:52:40.0828 2200  LmHosts - ok
16:52:40.0984 2200  [ A9D1A5A0E8224FDE018DF5AFE93845D1 ] MDM             C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
16:52:41.0171 2200  MDM ( UnsignedFile.Multi.Generic ) - warning
16:52:41.0171 2200  MDM - detected UnsignedFile.Multi.Generic (1)
16:52:41.0203 2200  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       C:\WINDOWS\System32\msgsvc.dll
16:52:41.0343 2200  Messenger - ok
16:52:41.0359 2200  [ 729D83E56C29C510258A6E9E79FFDDC3 ] mf              C:\WINDOWS\system32\DRIVERS\mf.sys
16:52:41.0562 2200  mf - ok
16:52:41.0593 2200  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
16:52:41.0687 2200  mnmdd - ok
16:52:41.0734 2200  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
16:52:41.0937 2200  mnmsrvc - ok
16:52:42.0000 2200  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
16:52:42.0140 2200  Modem - ok
16:52:42.0156 2200  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:52:42.0296 2200  Mouclass - ok
16:52:42.0312 2200  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
16:52:42.0453 2200  MountMgr - ok
16:52:42.0500 2200  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
16:52:42.0640 2200  MozillaMaintenance - ok
16:52:42.0640 2200  mraid35x - ok
16:52:42.0656 2200  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:52:42.0843 2200  MRxDAV - ok
16:52:42.0875 2200  [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:52:43.0140 2200  MRxSmb - ok
16:52:43.0171 2200  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
16:52:43.0296 2200  MSDTC - ok
16:52:43.0312 2200  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
16:52:43.0437 2200  Msfs - ok
16:52:43.0453 2200  MSIServer - ok
16:52:43.0453 2200  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:52:43.0578 2200  MSKSSRV - ok
16:52:43.0578 2200  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:52:43.0718 2200  MSPCLOCK - ok
16:52:43.0718 2200  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
16:52:43.0843 2200  MSPQM - ok
16:52:43.0890 2200  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:52:44.0000 2200  mssmbios - ok
16:52:44.0093 2200  MSSQL$SQLEXPRESS - ok
16:52:44.0140 2200  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:52:44.0234 2200  MSSQLServerADHelper - ok
16:52:44.0484 2200  [ 70E994D23895DF6B1EE1E70145299FCF ] msvsmon90       C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
16:52:44.0906 2200  msvsmon90 - ok
16:52:44.0921 2200  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
16:52:45.0078 2200  Mup - ok
16:52:45.0093 2200  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
16:52:45.0281 2200  NDIS - ok
16:52:45.0359 2200  [ 725123F7AEBFEF717E3F26B25B149D7A ] Ndiskio         C:\Programme\Norman\Nse\Bin\NDISKIO.SYS
16:52:45.0437 2200  Ndiskio - ok
16:52:45.0453 2200  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:52:45.0593 2200  NdisTapi - ok
16:52:45.0625 2200  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:52:45.0765 2200  Ndisuio - ok
16:52:45.0781 2200  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:52:45.0968 2200  NdisWan - ok
16:52:46.0000 2200  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
16:52:46.0125 2200  NDProxy - ok
16:52:46.0171 2200  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
16:52:46.0234 2200  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:52:46.0234 2200  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:52:46.0250 2200  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
16:52:46.0390 2200  NetBIOS - ok
16:52:46.0453 2200  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
16:52:46.0609 2200  NetBT - ok
16:52:46.0656 2200  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
16:52:46.0843 2200  NetDDE - ok
16:52:46.0859 2200  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
16:52:46.0921 2200  NetDDEdsdm - ok
16:52:46.0937 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
16:52:47.0078 2200  Netlogon - ok
16:52:47.0109 2200  [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman          C:\WINDOWS\System32\netman.dll
16:52:47.0218 2200  Netman - ok
16:52:47.0281 2200  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:52:47.0750 2200  NetTcpPortSharing - ok
16:52:47.0828 2200  [ F01863FB9B02EDD0D457B406926070E5 ] NGS             c:\programme\norman\ngs\bin\ngs.sys
16:52:47.0906 2200  NGS - ok
16:52:47.0953 2200  [ B36E08F680BAE4DFC5C24D00A2DFC9E7 ] Nla             C:\WINDOWS\System32\mswsock.dll
16:52:48.0046 2200  Nla - ok
16:52:48.0046 2200  [ 60CF8C7192B3614F240838DDBAA4A245 ] nm              C:\WINDOWS\system32\DRIVERS\NMnt.sys
16:52:48.0187 2200  nm - ok
16:52:48.0218 2200  [ DB1F8037073175014C119749F8AB7E08 ] nnetsec         C:\WINDOWS\system32\DRIVERS\nnetsec.sys
16:52:48.0296 2200  nnetsec - ok
16:52:48.0312 2200  [ 9F49380E683B14D6FFA16B4C251EA175 ] NNetSecC        C:\Programme\Norman\ngs\bin\nnetsecc.sys
16:52:48.0390 2200  NNetSecC - ok
16:52:48.0406 2200  [ 20F65E9205FFFD2F8579E0F8CE38B68F ] Norman NJeeves  C:\Programme\Norman\Npm\Bin\Njeeves.exe
16:52:48.0515 2200  Norman NJeeves - ok
16:52:48.0531 2200  [ DD3E6F98B73AAD03FAE0653CD5A92649 ] Norman ZANDA    C:\Programme\Norman\Npm\Bin\Zanda.exe
16:52:48.0703 2200  Norman ZANDA - ok
16:52:48.0750 2200  [ 2374F930C03FFE663662D04C2A3E0087 ] NormanZfr       C:\Programme\Norman\Npm\Bin\zfr.exe
16:52:48.0890 2200  NormanZfr ( UnsignedFile.Multi.Generic ) - warning
16:52:48.0890 2200  NormanZfr - detected UnsignedFile.Multi.Generic (1)
16:52:48.0937 2200  [ E1ACB2CDA08CA2E780CB4CF115E2A542 ] npdrv           C:\WINDOWS\system32\drivers\npdrv.sys
16:52:49.0015 2200  npdrv ( UnsignedFile.Multi.Generic ) - warning
16:52:49.0015 2200  npdrv - detected UnsignedFile.Multi.Generic (1)
16:52:49.0062 2200  [ 6623E51595C0076755C29C00846C4EB2 ] NPF             C:\WINDOWS\system32\drivers\npf.sys
16:52:49.0125 2200  NPF - ok
16:52:49.0171 2200  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
16:52:49.0312 2200  Npfs - ok
16:52:49.0359 2200  [ 8894FD9B82F771B27D27191E91374311 ] nsesvc          C:\Programme\Norman\Nse\Bin\NSESVC.EXE
16:52:49.0484 2200  nsesvc - ok
16:52:49.0515 2200  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
16:52:49.0734 2200  Ntfs - ok
16:52:49.0765 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
16:52:49.0828 2200  NtLmSsp - ok
16:52:49.0859 2200  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
16:52:50.0031 2200  NtmsSvc - ok
16:52:50.0046 2200  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
16:52:50.0156 2200  Null - ok
16:52:50.0203 2200  [ 1D6B84EA4246B1DC99FCA50DA5191890 ] NvcMFlt         C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
16:52:50.0265 2200  NvcMFlt - ok
16:52:50.0359 2200  [ 9F39E950A7BE358DC8FEF8EA4F80F935 ] nvcoas          C:\Programme\Norman\Nvc\Bin\nvcoas.exe
16:52:50.0515 2200  nvcoas - ok
16:52:50.0531 2200  [ 19CA1D927EB4D9C88D20E27845EFF07B ] NVOY            C:\Programme\Norman\npm\bin\nvoy.exe
16:52:50.0656 2200  NVOY - ok
16:52:50.0671 2200  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:52:50.0843 2200  NwlnkFlt - ok
16:52:50.0875 2200  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:52:51.0093 2200  NwlnkFwd - ok
16:52:51.0125 2200  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:52:51.0296 2200  ose - ok
16:52:51.0312 2200  [ 118C1004E38FDDB5F832A182E6EF6F40 ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
16:52:51.0468 2200  P3 - ok
16:52:51.0484 2200  [ B2F17A2EDB5450E61973A037F63A595B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
16:52:51.0656 2200  Parport - ok
16:52:51.0687 2200  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
16:52:51.0828 2200  PartMgr - ok
16:52:51.0843 2200  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
16:52:51.0968 2200  ParVdm - ok
16:52:51.0968 2200  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
16:52:52.0125 2200  PCI - ok
16:52:52.0125 2200  PCIDump - ok
16:52:52.0140 2200  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
16:52:52.0234 2200  PCIIde - ok
16:52:52.0265 2200  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
16:52:52.0453 2200  Pcmcia - ok
16:52:52.0453 2200  PDCOMP - ok
16:52:52.0500 2200  pdfcDispatcher - ok
16:52:52.0500 2200  PDFRAME - ok
16:52:52.0500 2200  PDRELI - ok
16:52:52.0500 2200  PDRFRAME - ok
16:52:52.0515 2200  perc2 - ok
16:52:52.0515 2200  perc2hib - ok
16:52:52.0546 2200  [ EDB6B81761BD60F32F740BBC40AFB676 ] PlugPlay        C:\WINDOWS\system32\services.exe
16:52:52.0625 2200  PlugPlay - ok
16:52:52.0656 2200  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
16:52:52.0718 2200  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:52:52.0718 2200  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:52:52.0718 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
16:52:52.0796 2200  PolicyAgent - ok
16:52:52.0843 2200  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:52:53.0000 2200  PptpMiniport - ok
16:52:53.0015 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:52:53.0093 2200  ProtectedStorage - ok
16:52:53.0109 2200  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:52:53.0234 2200  Ptilink - ok
16:52:53.0265 2200  [ 86724469CD077901706854974CD13C3E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:52:53.0343 2200  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
16:52:53.0343 2200  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
16:52:53.0343 2200  ql1080 - ok
16:52:53.0343 2200  Ql10wnt - ok
16:52:53.0343 2200  ql12160 - ok
16:52:53.0359 2200  ql1240 - ok
16:52:53.0359 2200  ql1280 - ok
16:52:53.0375 2200  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:52:53.0484 2200  RasAcd - ok
16:52:53.0515 2200  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         C:\WINDOWS\System32\rasauto.dll
16:52:53.0640 2200  RasAuto - ok
16:52:53.0671 2200  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:52:53.0796 2200  Rasl2tp - ok
16:52:53.0828 2200  [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan          C:\WINDOWS\System32\rasmans.dll
16:52:53.0953 2200  RasMan - ok
16:52:53.0968 2200  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:52:54.0078 2200  RasPppoe - ok
16:52:54.0093 2200  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
16:52:54.0218 2200  Raspti - ok
16:52:54.0265 2200  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:52:54.0453 2200  Rdbss - ok
16:52:54.0468 2200  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:52:54.0578 2200  RDPCDD - ok
16:52:54.0609 2200  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:52:54.0796 2200  rdpdr - ok
16:52:54.0828 2200  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
16:52:54.0984 2200  RDPWD - ok
16:52:55.0000 2200  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
16:52:55.0234 2200  RDSessMgr - ok
16:52:55.0312 2200  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
16:52:56.0625 2200  RealNetworks Downloader Resolver Service - ok
16:52:56.0656 2200  [ AA56702E230860565CB8D43680F57F33 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
16:52:56.0796 2200  redbook - ok
16:52:56.0812 2200  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
16:52:56.0906 2200  RemoteAccess - ok
16:52:56.0937 2200  [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
16:52:57.0031 2200  RemoteRegistry - ok
16:52:57.0078 2200  [ E51A8D02B4BD33EBA1F7A5B76C3766ED ] rpcapd          C:\Programme\WinPcap\rpcapd.exe
16:52:57.0187 2200  rpcapd - ok
16:52:57.0218 2200  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
16:52:57.0390 2200  RpcLocator - ok
16:52:57.0421 2200  [ 9F28FF58D6D67B123272869D89D14004 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
16:52:57.0546 2200  RpcSs - ok
16:52:57.0593 2200  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
16:52:57.0781 2200  RSVP - ok
16:52:57.0796 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           C:\WINDOWS\system32\lsass.exe
16:52:57.0890 2200  SamSs - ok
16:52:57.0890 2200  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
16:52:58.0046 2200  SCardSvr - ok
16:52:58.0046 2200  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
16:52:58.0156 2200  Schedule - ok
16:52:58.0203 2200  [ 5FD85727E19476C24ACB8E7BFFBCE26C ] Scheduler       C:\Programme\Norman\Npm\Bin\scheduler.exe
16:52:58.0296 2200  Scheduler - ok
16:52:58.0296 2200  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:52:58.0375 2200  Secdrv - ok
16:52:58.0406 2200  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
16:52:58.0500 2200  seclogon - ok
16:52:58.0515 2200  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
16:52:58.0593 2200  SENS - ok
16:52:58.0625 2200  [ AEBBA7428A6C40CCE3C5ABDE45190B24 ] Sentinel        C:\WINDOWS\System32\Drivers\SENTINEL.SYS
16:52:58.0671 2200  Sentinel ( UnsignedFile.Multi.Generic ) - warning
16:52:58.0671 2200  Sentinel - detected UnsignedFile.Multi.Generic (1)
16:52:58.0718 2200  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
16:52:58.0843 2200  serenum - ok
16:52:58.0843 2200  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
16:52:58.0984 2200  Serial - ok
16:52:59.0031 2200  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
16:52:59.0140 2200  Sfloppy - ok
16:52:59.0203 2200  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
16:52:59.0359 2200  SharedAccess - ok
16:52:59.0390 2200  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:52:59.0468 2200  ShellHWDetection - ok
16:52:59.0468 2200  Simbad - ok
16:52:59.0468 2200  Sparrow - ok
16:52:59.0500 2200  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
16:52:59.0609 2200  splitter - ok
16:52:59.0656 2200  [ 54E7113A4BD696E430919BCAF5C65E06 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
16:52:59.0781 2200  Spooler - ok
16:52:59.0828 2200  [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser      c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:52:59.0921 2200  SQLBrowser - ok
16:52:59.0937 2200  [ 54902536AAD0E9B99BC65F89C0CAF93F ] SQLWriter       c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:53:00.0046 2200  SQLWriter - ok
16:53:00.0078 2200  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
16:53:00.0187 2200  sr - ok
16:53:00.0234 2200  [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice       C:\WINDOWS\system32\srsvc.dll
16:53:00.0312 2200  srservice - ok
16:53:00.0328 2200  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
16:53:00.0406 2200  SSDPSRV - ok
16:53:00.0453 2200  [ 6DB0676E502995C59053683817C94286 ] SSIPDDP         C:\WINDOWS\system32\Drivers\SSIPDDP.SYS
16:53:00.0531 2200  SSIPDDP ( UnsignedFile.Multi.Generic ) - warning
16:53:00.0531 2200  SSIPDDP - detected UnsignedFile.Multi.Generic (1)
16:53:00.0593 2200  [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc          C:\WINDOWS\system32\wiaservc.dll
16:53:00.0796 2200  stisvc - ok
16:53:00.0843 2200  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
16:53:00.0953 2200  swenum - ok
16:53:00.0968 2200  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
16:53:01.0109 2200  swmidi - ok
16:53:01.0109 2200  SwPrv - ok
16:53:01.0140 2200  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
16:53:01.0250 2200  symc810 - ok
16:53:01.0250 2200  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:53:01.0359 2200  symc8xx - ok
16:53:01.0390 2200  [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi          C:\WINDOWS\system32\DRIVERS\symmpi.sys
16:53:01.0421 2200  Symmpi ( UnsignedFile.Multi.Generic ) - warning
16:53:01.0421 2200  Symmpi - detected UnsignedFile.Multi.Generic (1)
16:53:01.0421 2200  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:53:01.0562 2200  sym_hi - ok
16:53:01.0562 2200  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:53:01.0687 2200  sym_u3 - ok
16:53:01.0718 2200  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
16:53:01.0828 2200  sysaudio - ok
16:53:01.0875 2200  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
16:53:02.0046 2200  SysmonLog - ok
16:53:02.0093 2200  [ 4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
16:53:02.0203 2200  TapiSrv - ok
16:53:02.0218 2200  [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:53:02.0437 2200  Tcpip - ok
16:53:02.0468 2200  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
16:53:02.0578 2200  TDPIPE - ok
16:53:02.0593 2200  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
16:53:02.0703 2200  TDTCP - ok
16:53:02.0718 2200  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
16:53:02.0812 2200  TermDD - ok
16:53:02.0859 2200  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     C:\WINDOWS\System32\termsrv.dll
16:53:02.0968 2200  TermService - ok
16:53:02.0968 2200  TetaSCDevice - ok
16:53:02.0984 2200  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes          C:\WINDOWS\System32\shsvcs.dll
16:53:03.0046 2200  Themes - ok
16:53:03.0078 2200  [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
16:53:03.0218 2200  TlntSvr - ok
16:53:03.0218 2200  TosIde - ok
16:53:03.0234 2200  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
16:53:03.0359 2200  TrkWks - ok
16:53:03.0390 2200  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
16:53:03.0531 2200  Udfs - ok
16:53:03.0531 2200  ultra - ok
16:53:03.0578 2200  [ B2AF2BA8A3205A8458B61F638FB431DD ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys
16:53:03.0656 2200  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
16:53:03.0656 2200  UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
16:53:03.0687 2200  [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost        C:\WINDOWS\System32\upnphost.dll
16:53:03.0781 2200  upnphost - ok
16:53:03.0796 2200  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             C:\WINDOWS\System32\ups.exe
16:53:03.0937 2200  UPS - ok
16:53:03.0953 2200  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:53:04.0093 2200  usbehci - ok
16:53:04.0140 2200  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:53:04.0296 2200  usbhub - ok
16:53:04.0312 2200  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:53:04.0453 2200  USBSTOR - ok
16:53:04.0484 2200  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:53:04.0625 2200  usbuhci - ok
16:53:04.0687 2200  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
16:53:04.0812 2200  VgaSave - ok
16:53:04.0843 2200  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
16:53:04.0984 2200  ViaIde - ok
16:53:05.0031 2200  [ DB3BFE98C445D240F0FD7F307E11CC22 ] VirtualCom      C:\WINDOWS\system32\DRIVERS\glvsp.sys
16:53:05.0109 2200  VirtualCom ( UnsignedFile.Multi.Generic ) - warning
16:53:05.0109 2200  VirtualCom - detected UnsignedFile.Multi.Generic (1)
16:53:05.0125 2200  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
16:53:05.0312 2200  VolSnap - ok
16:53:05.0359 2200  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             C:\WINDOWS\System32\vssvc.exe
16:53:05.0593 2200  VSS - ok
16:53:05.0609 2200  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         C:\WINDOWS\system32\w32time.dll
16:53:05.0718 2200  W32Time - ok
16:53:05.0718 2200  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:53:05.0875 2200  Wanarp - ok
16:53:05.0875 2200  WDICA - ok
16:53:05.0890 2200  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
16:53:06.0031 2200  wdmaud - ok
16:53:06.0078 2200  [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient       C:\WINDOWS\System32\webclnt.dll
16:53:06.0171 2200  WebClient - ok
16:53:06.0234 2200  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
16:53:06.0359 2200  winmgmt - ok
16:53:06.0390 2200  [ D68CC4EBF7B03FD770D5962295AD814E ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
16:53:06.0484 2200  WmdmPmSN - ok
16:53:06.0546 2200  [ 9CBB06E4438D6A0D52A46E0B44796D37 ] Wmi             C:\WINDOWS\System32\advapi32.dll
16:53:06.0640 2200  Wmi - ok
16:53:06.0671 2200  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:53:06.0796 2200  WmiAcpi - ok
16:53:06.0843 2200  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:53:07.0078 2200  WmiApSrv - ok
16:53:07.0125 2200  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
16:53:07.0218 2200  wscsvc - ok
16:53:07.0234 2200  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
16:53:07.0312 2200  wuauserv - ok
16:53:07.0328 2200  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
16:53:07.0531 2200  WZCSVC - ok
16:53:07.0546 2200  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
16:53:07.0671 2200  xmlprov - ok
16:53:07.0671 2200  ================ Scan global ===============================
16:53:07.0718 2200  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
16:53:07.0765 2200  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll
16:53:07.0796 2200  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll
16:53:07.0828 2200  [ EDB6B81761BD60F32F740BBC40AFB676 ] C:\WINDOWS\system32\services.exe
16:53:07.0828 2200  [Global] - ok
16:53:07.0828 2200  ================ Scan MBR ==================================
16:53:07.0859 2200  [ DF9769DBAFC477636448AB0154B8BBC9 ] \Device\Harddisk0\DR0
16:53:08.0078 2200  \Device\Harddisk0\DR0 - ok
16:53:08.0078 2200  ================ Scan VBR ==================================
16:53:08.0078 2200  [ 26195953BEDE9070652B8DE3AB4A2B40 ] \Device\Harddisk0\DR0\Partition1
16:53:08.0078 2200  \Device\Harddisk0\DR0\Partition1 - ok
16:53:08.0078 2200  ============================================================
16:53:08.0078 2200  Scan finished
16:53:08.0078 2200  ============================================================
16:53:08.0187 2368  Detected object count: 24
16:53:08.0187 2368  Actual detected object count: 24
16:53:42.0203 2368  adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  b57w2k ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  b57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0203 2368  DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0203 2368  DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  NormanZfr ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  NormanZfr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  npdrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  npdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  SSIPDDP ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  SSIPDDP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0218 2368  Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0218 2368  Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0234 2368  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0234 2368  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:53:42.0234 2368  VirtualCom ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:42.0234 2368  VirtualCom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:54:02.0484 3676  Deinitialize success

cosinus · 26.04.2013, 16:06

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Costanzo · 29.04.2013, 07:51

Hatte übers Wochenende keinen Zugang zum PC.

Nun wollte ich eigentlich Malwarebytes scannen lassen. Folgendes Problem ist aber aufgetaucht:
Das Aktualisierungsfenster öffnet, aber es passiert rein gar nichts. Wenn ich es nach 10min schliesse, stürzt das Programm ab.
Ich dachte vielleicht gibt es Probleme wegen dem Wiederherstellungspunkt und habe deshalb Malwarebytes de- und wieder installiert. Ohne, dass sich was geändert hätte. Habe dann gesehen, dass es den Deinstaller gibt und wollte den runterladen. Auch das ging nicht (Seite nicht erreichbar). Dann versuchte ich www.malwarebytes.org direkt im Browser. Auch hier ist die Seite nicht erreichbar. Dann habe ich noch über Google danach gesucht:

www.malwarebytes.org ist nicht erreichbar
www.de.malwarebytes.org geht ohne Probleme
auf meinem anderen PC gehen beide Seiten problemlos

Ist es möglich, dass die Schadsoftware mich daran hindert?!?

Soll ich nun Malwarebytes zuerst ohne Updates laufen lassen und die Schadsoftware entfernen?

cosinus · 29.04.2013, 10:09

Ja lass MBAM erstmal ohne Updates laufen, dann sehen wir weiter

Costanzo · 29.04.2013, 10:13

Zitat:

Wenn der Scan beendet ist:

lasse alles Gefundene löschen

Diesen Punkt auch gleich ausführen?

cosinus · 29.04.2013, 10:17

Ja, v.a. aber das Log vollständig posten

Costanzo · 29.04.2013, 13:51

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.04.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
elsaesser :: HP-LABOR-4 [Administrator]

Schutz: Aktiviert

29.04.2013 11:14:48
MBAM-log-2013-04-29 (13-02-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 502942
Laufzeit: 1 Stunde(n), 36 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Zoubyd (Spyware.Zbot.ED) -> Daten: "C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.
C:\Programme\Microsoft Visual Studio .NET 2003\SDK\v1.1\QuickStart\howto\samples\xml\xmlnamespace\cp\XmlNameSpace.exe (Adware.StatBlaster) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{A3363D93-CFEB-48A1-BABD-E813B7FA5615}\RP780\A0075564.exe (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{A3363D93-CFEB-48A1-BABD-E813B7FA5615}\RP781\A0088030.exe (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.

(Ende)

Nachdem ich das Logfile gespeichert hatte, habe ich alles entfernen lassen.
Nach dem Neustart hatte ich genau das gleiche Problem wie schon letzte Woche: Nach dem Login lädt Windows die Einstellungen, bricht dann ab und der PC startet neu.
Dieses Mal bringt jedoch auch die Systemwiederherstellung nichts. Ich habe zahlreiche Wiederherstellungspunkte ausprobiert - immer das gleiche Problem nach dem Login.
Zweimal kam immerhin noch so eine Meldung:

Zitat:

Wiederherstellung unvollständig
Der Computer kann nicht wie folgt wieder hergestellt werden:
xx.xx.2013
Systemprüfpunkt
Es wurden keine Änderungen am Computer durchgeführt.

Hast du vielleicht noch eine Idee?
Ich frage mich, ob das Bereinigen dieses Punkts:

Zitat:

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

jeweils ein Problem auslöst.

cosinus · 29.04.2013, 14:37

Zitat:

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
jeweils ein Problem auslöst.

Das ist doch nur die Einstellung der bacnhrichtigung des Sicherheitscenters

Verhält sich der PC im Prinzip jetzt wieder so wie nach CF?

Costanzo · 29.04.2013, 15:03

Zitat:

Zitat von cosinus

Das ist doch nur die Einstellung der bacnhrichtigung des Sicherheitscenters

Verhält sich der PC im Prinzip jetzt wieder so wie nach CF?

Ja, verhält sich wieder so wie nach Combofix.
Nur, dass jetzt die Systemwiederherstellung offenbar nichts mehr bringt.

cosinus · 29.04.2013, 15:13

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

26.04.2013, 09:12	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GMX Abuse meldet mir Infizierung mit Virus "Zeus" Ja probier bitte aus __________________ Logfiles bitte immer in CODE-Tags posten

29.04.2013, 10:09	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GMX Abuse meldet mir Infizierung mit Virus "Zeus" Ja lass MBAM erstmal ohne Updates laufen, dann sehen wir weiter __________________ Logfiles bitte immer in CODE-Tags posten

29.04.2013, 10:17	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GMX Abuse meldet mir Infizierung mit Virus "Zeus" Ja, v.a. aber das Log vollständig posten __________________ Logfiles bitte immer in CODE-Tags posten

GMX Abuse meldet mir Infizierung mit Virus "Zeus"

Log-Analyse und Auswertung: GMX Abuse meldet mir Infizierung mit Virus "Zeus"