Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)

rudi_ruessel 26.02.2012 20:43

"Attention! Your Windows system has been blocked" - screen after logging in
 
Hello, I have a somewhat annoying problem here. There are two user accounts: one with admin rights for installing software (this account is fine), and another account with limited rights.

The second account is infected with a virus that locks the PC a few seconds after login and displays an image that says:
"Your computer has been locked...."

Safe Mode with Networking works.
In it I have now run Malwarebytes, ESET and OTL.

Malwarebytes:

Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
 
Database version: v2012.02.26.04
 
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: PC-MSH [administrator]
 
Protection: Disabled
 
26.02.2012 18:29:34
mbam-log-2012-02-26 (18-29-34).txt
 
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271993
Time elapsed: 20 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 7
C:\Dokumente und Einstellungen\Install\DoctorWeb\Quarantine\184.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Install\DoctorWeb\Quarantine\jar_cache4712311857092989050.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{839FF418-2293-4294-9B2A-A17BFCB76F88}\RP491\A0030572.exe (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{839FF418-2293-4294-9B2A-A17BFCB76F88}\RP492\A0030616.exe (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{839FF418-2293-4294-9B2A-A17BFCB76F88}\RP493\A0030689.exe (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{839FF418-2293-4294-9B2A-A17BFCB76F88}\RP494\A0031784.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{839FF418-2293-4294-9B2A-A17BFCB76F88}\RP494\A0031785.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 
(end)

ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb7dd65a5bfe5147894441d64eb3313e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-26 04:06:07
# local_time=2012-02-26 05:06:07 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 3736 3736 0 0
# scanned=63137
# found=2
# cleaned=0
# scan_time=3750
C:\Dokumente und Einstellungen\Install\DoctorWeb\Quarantine\184.tmp    a variant of Win32/Kryptik.QOY trojan (unable to clean)    00000000000000000000000000000000    I
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe    a variant of Win32/Kryptik.ABIZ trojan (unable to clean)    00000000000000000000000000000000    I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb7dd65a5bfe5147894441d64eb3313e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-26 06:51:53
# local_time=2012-02-26 07:51:53 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 15359 15359 0 0
# scanned=63047
# found=1
# cleaned=0
# scan_time=2075
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe    a variant of Win32/Kryptik.ABIZ trojan (unable to clean)    00000000000000000000000000000000    I

OTL:

Code:

OTL logfile created on: 26.02.2012 20:16:09 - Run 4
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 83,02% Memory free
2,32 Gb Paging File | 2,21 Gb Available in Paging File | 95,11% Paging File free
Paging file location(s): C:\pagefile.sys 512 512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 19,21 Gb Free Space | 48,01% Space Free | Partition Type: NTFS
Drive D: | 192,88 Gb Total Space | 189,29 Gb Free Space | 98,14% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 0,44 Gb Free Space | 11,86% Space Free | Partition Type: FAT32
 
Computer Name: PC-MSH | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.26 16:06:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.29 23:40:52 | 000,700,032 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009.11.18 04:16:42 | 000,253,568 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009.11.18 04:16:42 | 000,137,344 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009.10.23 01:04:00 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.09.21 15:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 15:44:48 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009.09.21 15:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009.07.29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.07.08 13:51:00 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2009.02.05 14:36:48 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto | Stopped] -- C:\Programme\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent) Intel(R)
SRV - [2009.02.05 14:36:10 | 002,379,776 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv) Intel(R)
SRV - [2008.06.13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008.03.19 21:46:44 | 000,208,896 | R--- | M] () [Auto | Stopped] -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)
SRV - [2008.01.22 11:13:26 | 000,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.11.29 17:12:18 | 000,120,616 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec\SAV\SavRoam.exe -- (SavRoam)
SRV - [2007.11.29 17:12:00 | 001,846,056 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\SAV\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007.11.29 17:11:18 | 000,031,528 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\SAV\DefWatch.exe -- (DefWatch)
SRV - [2007.10.30 11:35:20 | 000,094,208 | R--- | M] () [Auto | Stopped] -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.10.24 19:18:42 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.08.27 17:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007.07.26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007.05.29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007.05.29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.07 10:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.02.07 10:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.05 09:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120224.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.08.05 09:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120224.002\NAVENG.SYS -- (NAVENG)
DRV - [2009.11.27 07:20:06 | 000,177,152 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.11.21 13:34:35 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.11.21 13:24:19 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.10.23 01:04:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2009.09.15 12:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009.08.10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009.08.03 04:07:00 | 000,004,608 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009.07.21 21:45:30 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2009.07.21 21:45:30 | 000,004,224 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2009.07.09 10:46:04 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.06.29 13:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.06.29 13:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2009.02.01 18:39:14 | 000,018,560 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\bpprot.sys -- (BPPROT) Intel(R)
DRV - [2009.02.01 18:39:02 | 000,163,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bpenum.sys -- (bpenum) Intel(R)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.06.12 17:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008.05.12 18:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.29 16:09:56 | 000,108,032 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.03.25 15:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008.03.25 15:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008.03.25 15:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008.02.15 17:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.10.01 14:58:46 | 009,632,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.08.27 17:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007.08.27 17:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007.08.24 11:46:48 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A0101X32.sys -- (MTsensor)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.07.24 11:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)
DRV - [2006.09.06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Symantec\SAV\savrt.sys -- (SAVRT)
DRV - [2006.09.06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Symantec\SAV\Savrtpel.sys -- (SAVRTPEL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.04 16:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.26 00:05:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.25 22:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.06 08:19:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2012.02.26 18:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.02.26 00:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.26 00:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.26 00:05:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.26 00:10:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.26 00:05:15 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.26 00:05:15 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.26 00:05:15 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 00:05:15 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 00:05:15 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 00:05:15 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EZEJTRAY] C:\Programme\ThinkPad\Utilities\EZEJTRAY.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [LCONTROL] C:\Programme\Lenovo\ATK Hotkey\LCONTROL.exe (ATK0101)
O4 - HKLM..\Run: [LFKA] C:\Programme\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Programme\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec\SAV\VPTray.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258809439525 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68855B10-DA08-4658-92AE-29078D9186CB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C134D457-6D00-4E8F-A5E1-7EDCD7E5C723}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.21 11:12:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{E9D28A7F-49A0-41E8-95B7-4C699B1D3A6A} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.26 19:14:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2012.02.26 19:14:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2012.02.26 18:38:21 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.02.26 18:35:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2012.02.26 18:35:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2012.02.26 18:27:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.02.26 16:01:22 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.02.26 00:11:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.02.26 00:10:05 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2012.02.25 22:24:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.02.25 22:24:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.02.25 22:24:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.02.25 22:24:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.02.25 21:07:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.02.25 20:09:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\DoctorWeb
[2012.02.25 19:56:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2012.02.25 19:56:26 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2012.02.25 19:56:26 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2012.02.25 19:56:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2012.02.25 19:56:26 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2012.02.25 19:56:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2012.02.25 19:56:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2012.02.25 19:56:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2012.02.25 19:56:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2012.02.25 19:56:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2012.02.25 19:56:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2012.02.25 19:56:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2012.02.25 19:56:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2012.02.25 19:56:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[2012.02.25 19:56:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.26 19:13:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.26 18:14:55 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2012.02.26 16:06:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.02.26 15:53:58 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.02.25 22:43:00 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.25 22:41:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.25 21:10:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.02.23 17:22:43 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.23 17:19:58 | 000,492,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.23 17:19:58 | 000,473,220 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.23 17:19:58 | 000,091,364 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.23 17:19:58 | 000,076,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.23 17:15:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.25 22:43:00 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 08:58:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 08:58:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011.12.16 14:25:46 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.06.15 13:03:25 | 000,000,152 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17096484r
[2011.06.15 13:03:25 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17096484
[2011.06.15 13:03:11 | 000,000,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\17096484
[2011.01.05 19:09:05 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl47.dat.temp
[2011.01.04 15:52:46 | 000,233,557 | ---- | C] () -- C:\WINDOWS\hpoins47.dat
[2011.01.04 15:52:46 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl47.dat
[2010.12.25 12:04:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.09.26 13:39:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.20 16:02:02 | 000,467,416 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
 
========== LOP Check ==========
 
[2011.08.08 13:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon
[2011.08.08 13:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2009.11.21 14:54:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2009.11.21 16:04:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2011.08.08 13:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2012.02.26 15:53:58 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.26 18:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.02.26 19:14:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2012.02.26 18:35:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.11.21 14:40:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.11.21 14:40:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.11.21 14:40:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.11.21 14:40:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.11.21 18:55:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.11.21 18:55:56 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.11.21 18:55:56 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< End of report >


Now I am at my wit's end and would be grateful for a little guidance on how I should proceed from here.

As an addendum, here are the log files from DDS and GMER, as well as the risk log from Norton Antivirus. Unfortunately I no longer have the log from Dr.Web CureIt.

Attachment 30349

cosinus 28.02.2012 13:41

Quote:

Boot Mode: SafeMode with Networking
Does normal mode work now (after MBAM/ESET)?

rudi_ruessel 28.02.2012 18:23

Safe Mode with Networking works.
In normal mode, the non-infected account "Install", which has admin rights, works.
The infected account "User" (which has restricted rights) still does not work despite MBAM and ESET. If the computer has an Internet connection, the "Locked..." screen appears in this account after logging in. Without an Internet connection the screen does not appear. So there is still something on the box. If you log in without an Internet connection and only go online once all programs have loaded, the "Locked" screen does not appear. So the virus only checks the online connection at startup. When logging off it always wants to wait for SkypePM.exe, no idea whether that means anything. Because ESET also already could not remove the Skype.exe.

Regards
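The symptom described in the post above (the lock screen appears only in the limited "User" account, a few seconds after logon, while the admin account "Install" is clean) points at a per-user autostart, i.e. something stored in that profile's NTUSER.DAT or Startup folder rather than in HKLM. The script below is an added example, not code from the thread or from any of the tools mentioned in it: run from the working admin account while "User" is logged off, it loads that profile's registry hive offline and lists the per-user logon-trigger locations plus the profile's Startup folder. The profile directory, the German XP folder names and the hive alias "OfflineUser" are assumptions to adjust; the script only lists entries and marks those whose target lives under a profile directory, it does not decide what is malicious.

```powershell
# Added example: list per-user autostart entries of a profile that is NOT logged on.
# Run as an administrator (the "Install" account in the thread) while "User" is logged off.
# Assumed, hypothetical values: German XP profile layout and the profile name "User".
param(
    [string]$ProfileDir = 'C:\Dokumente und Einstellungen\User',
    [string]$HiveAlias  = 'OfflineUser'     # arbitrary name for the temporarily loaded hive
)

$hivePath = Join-Path $ProfileDir 'NTUSER.DAT'
$hiveRoot = "HKU\$HiveAlias"

# Per-user keys that run something at logon. They live in NTUSER.DAT, so they fire
# only for this account, which matches the symptom in the thread.
$keys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'Software\Microsoft\Windows NT\CurrentVersion\Winlogon',   # per-user "Shell" override
    'Software\Microsoft\Windows NT\CurrentVersion\Windows'      # "Load" / "Run" values
)

# The hive can only be loaded while that user is logged off (otherwise it is in use).
& reg.exe load $hiveRoot $hivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $hivePath (is that user still logged on?)" }

try {
    foreach ($k in $keys) {
        $full = "Registry::HKEY_USERS\$HiveAlias\$k"
        if (-not (Test-Path $full)) { continue }
        $props = Get-ItemProperty -Path $full
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            # A limited user cannot write to Programme or WINDOWS, so a payload installed
            # from that account must live under a profile directory; mark such targets.
            $flag = ''
            if ("$($p.Value)" -match 'Dokumente und Einstellungen|Anwendungsdaten|Temp') {
                $flag = '   <-- target under a profile directory'
            }
            '{0}\{1} = {2}{3}' -f $k, $p.Name, $p.Value, $flag
        }
    }
    # The per-user Startup folder (German XP path) also runs its contents at logon.
    $startup = Join-Path $ProfileDir 'Startmenü\Programme\Autostart'
    if (Test-Path $startup) {
        Get-ChildItem -Path $startup -Force | ForEach-Object { "Startup folder: $($_.FullName)" }
    }
}
finally {
    # Always unload the hive; while it stays loaded that user cannot log on again.
    [GC]::Collect()                          # release handles PowerShell still holds on the hive
    & reg.exe unload $hiveRoot | Out-Null
}
```

The same listing can be obtained with plain `reg.exe query` against `HKU\OfflineUser\...` after the `reg.exe load`; the PowerShell wrapper only adds the path-based highlighting and guarantees the unload.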

rudi_ruessel 28.02.2012 20:40

The TDSSKiller log from within the infected account, without the computer having been online:

Code:

20:31:57.0765 4224        TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
20:31:57.0781 4224        ============================================================
20:31:57.0781 4224        Current date / time: 2012/02/28 20:31:57.0781
20:31:57.0781 4224        SystemInfo:
20:31:57.0781 4224       
20:31:57.0781 4224        OS Version: 5.1.2600 ServicePack: 3.0
20:31:57.0781 4224        Product type: Workstation
20:31:57.0781 4224        ComputerName: PC-MSH
20:31:57.0781 4224        UserName: Install
20:31:57.0781 4224        Windows directory: C:\WINDOWS
20:31:57.0781 4224        System windows directory: C:\WINDOWS
20:31:57.0781 4224        Processor architecture: Intel x86
20:31:57.0781 4224        Number of processors: 2
20:31:57.0781 4224        Page size: 0x1000
20:31:57.0781 4224        Boot type: Normal boot
20:31:57.0781 4224        ============================================================
20:31:59.0171 4224        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:31:59.0171 4224        Drive \Device\Harddisk1\DR3 - Size: 0xEE47FE00 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:31:59.0171 4224        \Device\Harddisk0\DR0:
20:31:59.0171 4224        MBR used
20:31:59.0171 4224        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x50014A7
20:31:59.0171 4224        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x50014E6, BlocksNum 0x181C309B
20:31:59.0171 4224        \Device\Harddisk1\DR3:
20:31:59.0171 4224        MBR used
20:31:59.0171 4224        \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7723DF
20:31:59.0234 4224        Initialize success
20:31:59.0234 4224        ============================================================
20:32:08.0109 3852        ============================================================
20:32:08.0109 3852        Scan started
20:32:08.0109 3852        Mode: Manual; SigCheck; TDLFS;
20:32:08.0109 3852        ============================================================
20:32:09.0359 3852        282D0911F - ok
20:32:09.0390 3852        Abiosdsk - ok
20:32:09.0406 3852        abp480n5 - ok
20:32:09.0453 3852        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:32:12.0015 3852        ACPI - ok
20:32:12.0109 3852        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:32:12.0250 3852        ACPIEC - ok
20:32:12.0265 3852        adpu160m - ok
20:32:12.0296 3852        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:32:12.0421 3852        aec - ok
20:32:12.0453 3852        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:32:12.0500 3852        AFD - ok
20:32:12.0515 3852        Aha154x - ok
20:32:12.0515 3852        aic78u2 - ok
20:32:12.0531 3852        aic78xx - ok
20:32:12.0546 3852        AliIde - ok
20:32:12.0562 3852        amsint - ok
20:32:12.0593 3852        ANC            (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
20:32:12.0625 3852        ANC ( UnsignedFile.Multi.Generic ) - warning
20:32:12.0625 3852        ANC - detected UnsignedFile.Multi.Generic (1)
20:32:12.0656 3852        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:32:12.0750 3852        Arp1394 - ok
20:32:12.0750 3852        asc - ok
20:32:12.0765 3852        asc3350p - ok
20:32:12.0781 3852        asc3550 - ok
20:32:12.0843 3852        ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys
20:32:12.0906 3852        ASMMAP - ok
20:32:12.0953 3852        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:32:13.0046 3852        AsyncMac - ok
20:32:13.0078 3852        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:32:13.0187 3852        atapi - ok
20:32:13.0203 3852        Atdisk - ok
20:32:13.0218 3852        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:32:13.0328 3852        Atmarpc - ok
20:32:13.0359 3852        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:32:13.0468 3852        audstub - ok
20:32:13.0484 3852        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:32:13.0609 3852        Beep - ok
20:32:13.0640 3852        bpenum          (1be8dcc07a80ca0c54c8850dd414d044) C:\WINDOWS\system32\DRIVERS\bpenum.sys
20:32:13.0703 3852        bpenum - ok
20:32:13.0734 3852        BPPROT          (62465681561e9a8b8ea4ea204c9eec73) C:\WINDOWS\system32\DRIVERS\bpprot.sys
20:32:13.0781 3852        BPPROT - ok
20:32:13.0843 3852        BTKRNL          (9f704f40cd50ae05bbfc492c0342e765) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:32:13.0921 3852        BTKRNL - ok
20:32:13.0953 3852        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:32:14.0062 3852        cbidf2k - ok
20:32:14.0093 3852        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:32:14.0203 3852        CCDECODE - ok
20:32:14.0218 3852        cd20xrnt - ok
20:32:14.0250 3852        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:32:14.0359 3852        Cdaudio - ok
20:32:14.0375 3852        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:32:14.0468 3852        Cdfs - ok
20:32:14.0484 3852        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:32:14.0578 3852        Cdrom - ok
20:32:14.0593 3852        Changer - ok
20:32:14.0609 3852        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:32:14.0718 3852        CmBatt - ok
20:32:14.0718 3852        CmdIde - ok
20:32:14.0781 3852        CnxtHdAudService (74d5c90052e936622e077d94121ec2c9) C:\WINDOWS\system32\drivers\CHDAU32.sys
20:32:14.0843 3852        CnxtHdAudService - ok
20:32:14.0875 3852        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:32:14.0968 3852        Compbatt - ok
20:32:14.0984 3852        Cpqarray - ok
20:32:14.0984 3852        dac2w2k - ok
20:32:15.0000 3852        dac960nt - ok
20:32:15.0015 3852        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:32:15.0125 3852        Disk - ok
20:32:15.0171 3852        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:32:15.0359 3852        dmboot - ok
20:32:15.0390 3852        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:32:15.0546 3852        dmio - ok
20:32:15.0578 3852        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:32:15.0687 3852        dmload - ok
20:32:15.0718 3852        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:32:15.0812 3852        DMusic - ok
20:32:15.0828 3852        dpti2o - ok
20:32:15.0843 3852        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:32:15.0937 3852        drmkaud - ok
20:32:16.0078 3852        eeCtrl          (579a6b6135d32b857faf0e3a974535d8) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
20:32:16.0109 3852        eeCtrl - ok
20:32:16.0125 3852        EraserUtilDrv11113 - ok
20:32:16.0156 3852        EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:32:16.0171 3852        EraserUtilRebootDrv - ok
20:32:16.0203 3852        esihdrv - ok
20:32:16.0312 3852        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:32:16.0453 3852        Fastfat - ok
20:32:16.0484 3852        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:32:16.0578 3852        Fdc - ok
20:32:16.0593 3852        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:32:16.0718 3852        Fips - ok
20:32:16.0750 3852        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:32:16.0843 3852        Flpydisk - ok
20:32:16.0875 3852        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:32:16.0968 3852        FltMgr - ok
20:32:17.0015 3852        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:32:17.0125 3852        Fs_Rec - ok
20:32:17.0140 3852        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:32:17.0250 3852        Ftdisk - ok
20:32:17.0265 3852        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:32:17.0359 3852        Gpc - ok
20:32:17.0375 3852        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:32:17.0484 3852        HDAudBus - ok
20:32:17.0500 3852        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:32:17.0609 3852        HidUsb - ok
20:32:17.0625 3852        hpn - ok
20:32:17.0656 3852        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:32:17.0906 3852        HPZid412 - ok
20:32:18.0000 3852        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:32:18.0062 3852        HPZipr12 - ok
20:32:18.0109 3852        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:32:18.0156 3852        HPZius12 - ok
20:32:18.0187 3852        HSFHWAZL        (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:32:18.0234 3852        HSFHWAZL - ok
20:32:18.0281 3852        HSF_DPV        (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:32:18.0406 3852        HSF_DPV - ok
20:32:18.0453 3852        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:32:18.0515 3852        HTTP - ok
20:32:18.0531 3852        i2omgmt - ok
20:32:18.0531 3852        i2omp - ok
20:32:18.0562 3852        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:32:18.0671 3852        i8042prt - ok
20:32:18.0828 3852        ialm            (f592a1b020723cfbd3d2722514066449) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:32:19.0140 3852        ialm - ok
20:32:19.0171 3852        IBMPMDRV        (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
20:32:19.0203 3852        IBMPMDRV - ok
20:32:19.0218 3852        IBMTPCHK        (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
20:32:19.0250 3852        IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
20:32:19.0250 3852        IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
20:32:19.0296 3852        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:32:19.0421 3852        Imapi - ok
20:32:19.0437 3852        ini910u - ok
20:32:19.0468 3852        IntcHdmiAddService (331244286fa249f2456e6d78fda4a93e) C:\WINDOWS\system32\drivers\IntcHdmi.sys
20:32:19.0515 3852        IntcHdmiAddService - ok
20:32:19.0515 3852        IntelIde - ok
20:32:19.0562 3852        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:32:19.0671 3852        intelppm - ok
20:32:19.0687 3852        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:32:19.0796 3852        Ip6Fw - ok
20:32:19.0843 3852        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:32:19.0937 3852        IpFilterDriver - ok
20:32:19.0968 3852        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:32:20.0062 3852        IpInIp - ok
20:32:20.0093 3852        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:32:20.0203 3852        IpNat - ok
20:32:20.0218 3852        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:32:20.0328 3852        IPSec - ok
20:32:20.0343 3852        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:32:20.0437 3852        IRENUM - ok
20:32:20.0468 3852        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:32:20.0562 3852        isapnp - ok
20:32:20.0593 3852        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:32:20.0687 3852        Kbdclass - ok
20:32:20.0734 3852        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:32:20.0843 3852        kmixer - ok
20:32:20.0859 3852        KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
20:32:20.0921 3852        KMWDFILTER - ok
20:32:20.0953 3852        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:32:21.0046 3852        KSecDD - ok
20:32:21.0046 3852        lbrtfdc - ok
20:32:21.0093 3852        lenovo.smi      (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
20:32:21.0109 3852        lenovo.smi - ok
20:32:21.0140 3852        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:32:21.0156 3852        MBAMProtector - ok
20:32:21.0203 3852        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:32:21.0234 3852        mdmxsdk - ok
20:32:21.0265 3852        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:32:21.0375 3852        mnmdd - ok
20:32:21.0406 3852        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:32:21.0531 3852        Modem - ok
20:32:21.0546 3852        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:32:21.0656 3852        Mouclass - ok
20:32:21.0656 3852        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:32:21.0750 3852        mouhid - ok
20:32:21.0781 3852        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:32:21.0875 3852        MountMgr - ok
20:32:21.0890 3852        mraid35x - ok
20:32:21.0906 3852        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:32:22.0015 3852        MRxDAV - ok
20:32:22.0062 3852        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:32:22.0156 3852        MRxSmb - ok
20:32:22.0203 3852        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:32:22.0312 3852        Msfs - ok
20:32:22.0328 3852        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:32:22.0453 3852        MSKSSRV - ok
20:32:22.0468 3852        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:32:22.0562 3852        MSPCLOCK - ok
20:32:22.0562 3852        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:32:22.0671 3852        MSPQM - ok
20:32:22.0703 3852        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:32:22.0796 3852        mssmbios - ok
20:32:22.0828 3852        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:32:22.0937 3852        MSTEE - ok
20:32:22.0968 3852        MTsensor        (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\A0101X32.sys
20:32:23.0031 3852        MTsensor - ok
20:32:23.0062 3852        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:32:23.0093 3852        Mup - ok
20:32:23.0109 3852        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:32:23.0203 3852        NABTSFEC - ok
20:32:23.0296 3852        NAVENG          (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120224.002\naveng.sys
20:32:23.0312 3852        NAVENG - ok
20:32:23.0359 3852        NAVEX15        (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120224.002\navex15.sys
20:32:23.0421 3852        NAVEX15 - ok
20:32:23.0468 3852        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:32:23.0578 3852        NDIS - ok
20:32:23.0593 3852        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:32:23.0718 3852        NdisIP - ok
20:32:23.0750 3852        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:32:23.0812 3852        NdisTapi - ok
20:32:23.0828 3852        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:32:23.0953 3852        Ndisuio - ok
20:32:23.0968 3852        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:32:24.0125 3852        NdisWan - ok
20:32:24.0140 3852        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:32:24.0218 3852        NDProxy - ok
20:32:24.0234 3852        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:32:24.0343 3852        NetBIOS - ok
20:32:24.0375 3852        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:32:24.0484 3852        NetBT - ok
20:32:24.0656 3852        NETw5x32        (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
20:32:26.0015 3852        NETw5x32 - ok
20:32:26.0500 3852        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:32:26.0609 3852        NIC1394 - ok
20:32:27.0093 3852        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:32:27.0218 3852        Npfs - ok
20:32:27.0328 3852        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:32:27.0468 3852        Ntfs - ok
20:32:27.0500 3852        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:32:27.0609 3852        Null - ok
20:32:27.0640 3852        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:32:27.0734 3852        NwlnkFlt - ok
20:32:27.0765 3852        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:32:27.0875 3852        NwlnkFwd - ok
20:32:27.0906 3852        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:32:28.0015 3852        ohci1394 - ok
20:32:28.0046 3852        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
20:32:28.0156 3852        Parport - ok
20:32:28.0187 3852        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:32:28.0296 3852        PartMgr - ok
20:32:28.0312 3852        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:32:28.0437 3852        ParVdm - ok
20:32:28.0453 3852        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:32:28.0546 3852        PCI - ok
20:32:28.0562 3852        PCIDump - ok
20:32:28.0593 3852        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:32:28.0687 3852        PCIIde - ok
20:32:28.0703 3852        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:32:28.0812 3852        Pcmcia - ok
20:32:28.0812 3852        PDCOMP - ok
20:32:28.0828 3852        PDFRAME - ok
20:32:28.0843 3852        PDRELI - ok
20:32:28.0843 3852        PDRFRAME - ok
20:32:28.0859 3852        perc2 - ok
20:32:28.0875 3852        perc2hib - ok
20:32:28.0906 3852        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:32:29.0015 3852        PptpMiniport - ok
20:32:29.0062 3852        psadd          (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
20:32:29.0078 3852        psadd - ok
20:32:29.0078 3852        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:32:29.0171 3852        PSched - ok
20:32:29.0218 3852        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:32:29.0328 3852        Ptilink - ok
20:32:29.0343 3852        ql1080 - ok
20:32:29.0343 3852        Ql10wnt - ok
20:32:29.0359 3852        ql12160 - ok
20:32:29.0375 3852        ql1240 - ok
20:32:29.0375 3852        ql1280 - ok
20:32:29.0390 3852        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:32:29.0484 3852        RasAcd - ok
20:32:29.0500 3852        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:32:29.0609 3852        Rasl2tp - ok
20:32:29.0625 3852        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:32:29.0718 3852        RasPppoe - ok
20:32:29.0718 3852        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:32:29.0828 3852        Raspti - ok
20:32:29.0843 3852        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:32:29.0937 3852        Rdbss - ok
20:32:29.0953 3852        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:32:30.0046 3852        RDPCDD - ok
20:32:30.0093 3852        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:32:30.0156 3852        RDPWD - ok
20:32:30.0171 3852        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:32:30.0265 3852        redbook - ok
20:32:30.0312 3852        rimmptsk        (a5b12a4b3b774432db9b9fa221190e59) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
20:32:30.0359 3852        rimmptsk - ok
20:32:30.0375 3852        rimsptsk        (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
20:32:30.0406 3852        rimsptsk - ok
20:32:30.0421 3852        rismxdp        (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
20:32:30.0453 3852        rismxdp - ok
20:32:30.0500 3852        RTLE8023xp      (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:32:30.0562 3852        RTLE8023xp - ok
20:32:30.0593 3852        s24trans        (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:32:30.0656 3852        s24trans - ok
20:32:30.0734 3852        SAVRT          (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Programme\Symantec\SAV\savrt.sys
20:32:30.0765 3852        SAVRT - ok
20:32:30.0796 3852        SAVRTPEL        (97e5b6f3f95465e1f59360b59d8ec64e) C:\Programme\Symantec\SAV\Savrtpel.sys
20:32:30.0812 3852        SAVRTPEL - ok
20:32:30.0859 3852        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:32:30.0953 3852        sdbus - ok
20:32:30.0984 3852        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:32:31.0093 3852        Secdrv - ok
20:32:31.0125 3852        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:32:31.0218 3852        Serial - ok
20:32:31.0265 3852        sffdisk        (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:32:31.0359 3852        sffdisk - ok
20:32:31.0375 3852        sffp_sd        (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:32:31.0484 3852        sffp_sd - ok
20:32:31.0500 3852        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:32:31.0609 3852        Sfloppy - ok
20:32:31.0656 3852        Shockprf        (fc0127343bd1ce1986ba12f8937f1057) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
20:32:31.0671 3852        Shockprf - ok
20:32:31.0671 3852        Simbad - ok
20:32:31.0687 3852        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:32:31.0781 3852        SLIP - ok
20:32:31.0812 3852        smihlp          (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
20:32:31.0828 3852        smihlp - ok
20:32:32.0078 3852        SNP2UVC        (5a440e4d29ff4eadd05a0331a27d7ff2) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
20:32:32.0609 3852        SNP2UVC - ok
20:32:32.0625 3852        Sparrow - ok
20:32:32.0718 3852        SPBBCDrv        (60053e9c1fc4f6887c296c19cb825244) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
20:32:32.0765 3852        SPBBCDrv - ok
20:32:32.0796 3852        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:32:33.0000 3852        splitter - ok
20:32:33.0031 3852        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:32:33.0109 3852        sr - ok
20:32:33.0156 3852        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:32:33.0250 3852        Srv - ok
20:32:33.0296 3852        StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:32:33.0406 3852        StillCam - ok
20:32:33.0437 3852        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:32:33.0546 3852        streamip - ok
20:32:33.0578 3852        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:32:33.0703 3852        swenum - ok
20:32:33.0718 3852        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:32:33.0843 3852        swmidi - ok
20:32:33.0859 3852        symc810 - ok
20:32:33.0875 3852        symc8xx - ok
20:32:33.0921 3852        SymEvent        (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:32:33.0953 3852        SymEvent - ok
20:32:33.0984 3852        SYMREDRV        (e919f0922248a826964428f479a3dc24) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
20:32:34.0000 3852        SYMREDRV - ok
20:32:34.0015 3852        SYMTDI          (c177d5a655af572c456ec977582b9bc0) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
20:32:34.0031 3852        SYMTDI - ok
20:32:34.0046 3852        sym_hi - ok
20:32:34.0062 3852        sym_u3 - ok
20:32:34.0093 3852        SynTP          (d7dc30b8b41e7a913c3fccc0631e72ec) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:32:34.0125 3852        SynTP - ok
20:32:34.0156 3852        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:32:34.0265 3852        sysaudio - ok
20:32:34.0296 3852        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:32:34.0406 3852        Tcpip - ok
20:32:34.0453 3852        TcUsb          (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys
20:32:34.0468 3852        TcUsb - ok
20:32:34.0515 3852        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:32:34.0640 3852        TDPIPE - ok
20:32:34.0671 3852        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:32:34.0843 3852        TDTCP - ok
20:32:34.0859 3852        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:32:35.0046 3852        TermDD - ok
20:32:35.0078 3852        TosIde - ok
20:32:35.0109 3852        TPDIGIMN        (521866a3ce5a1a69b4b4a87bdb52be26) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
20:32:35.0125 3852        TPDIGIMN - ok
20:32:35.0156 3852        TPHKDRV        (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
20:32:35.0203 3852        TPHKDRV - ok
20:32:35.0218 3852        TPPWRIF        (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
20:32:35.0234 3852        TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
20:32:35.0234 3852        TPPWRIF - detected UnsignedFile.Multi.Generic (1)
20:32:35.0265 3852        TSMAPIP        (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
20:32:35.0296 3852        TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
20:32:35.0296 3852        TSMAPIP - detected UnsignedFile.Multi.Generic (1)
20:32:35.0328 3852        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:32:35.0421 3852        Udfs - ok
20:32:35.0437 3852        ultra - ok
20:32:35.0484 3852        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:32:35.0593 3852        Update - ok
20:32:35.0625 3852        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:32:35.0734 3852        usbccgp - ok
20:32:35.0765 3852        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:32:35.0859 3852        usbehci - ok
20:32:35.0906 3852        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:32:36.0000 3852        usbhub - ok
20:32:36.0031 3852        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:32:36.0125 3852        usbprint - ok
20:32:36.0171 3852        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:32:36.0281 3852        usbscan - ok
20:32:36.0312 3852        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:32:36.0421 3852        USBSTOR - ok
20:32:36.0453 3852        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:32:36.0531 3852        usbuhci - ok
20:32:36.0578 3852        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:32:36.0671 3852        usbvideo - ok
20:32:36.0703 3852        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:32:36.0812 3852        VgaSave - ok
20:32:36.0812 3852        ViaIde - ok
20:32:36.0859 3852        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:32:36.0953 3852        VolSnap - ok
20:32:36.0984 3852        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:32:37.0078 3852        Wanarp - ok
20:32:37.0125 3852        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:32:37.0156 3852        Wdf01000 - ok
20:32:37.0171 3852        WDICA - ok
20:32:37.0218 3852        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:32:37.0312 3852        wdmaud - ok
20:32:37.0375 3852        winachsf        (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:32:37.0453 3852        winachsf - ok
20:32:37.0515 3852        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:32:37.0609 3852        WSTCODEC - ok
20:32:37.0656 3852        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:32:37.0703 3852        WudfPf - ok
20:32:37.0718 3852        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:32:37.0750 3852        WudfRd - ok
20:32:37.0781 3852        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:32:38.0078 3852        \Device\Harddisk0\DR0 - ok
20:32:38.0093 3852        MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
20:32:41.0203 3852        \Device\Harddisk1\DR3 - ok
20:32:41.0203 3852        Boot (0x1200)  (2ecedd3006911d8e2d97a2b8ade08b90) \Device\Harddisk0\DR0\Partition0
20:32:41.0203 3852        \Device\Harddisk0\DR0\Partition0 - ok
20:32:41.0250 3852        Boot (0x1200)  (32da913e2f2823f2e648bad1c5c175b7) \Device\Harddisk0\DR0\Partition1
20:32:41.0250 3852        \Device\Harddisk0\DR0\Partition1 - ok
20:32:41.0250 3852        Boot (0x1200)  (2a7f7f3ab16d00011196441a6e383663) \Device\Harddisk1\DR3\Partition0
20:32:41.0250 3852        \Device\Harddisk1\DR3\Partition0 - ok
20:32:41.0250 3852        ============================================================
20:32:41.0250 3852        Scan finished
20:32:41.0250 3852        ============================================================
20:32:41.0359 4312        Detected object count: 4
20:32:41.0359 4312        Actual detected object count: 4
20:33:13.0828 4312        ANC ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:13.0828 4312        ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:13.0828 4312        IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:13.0828 4312        IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:13.0828 4312        TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:13.0828 4312        TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:13.0828 4312        TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:13.0828 4312        TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
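A TDSSKiller log like the one above is read through by hand by the helper; as an added example that is not part of this thread or of the tool, here is a small Python parser for that line format. It pairs each object's hash line with its verdict and the user's chosen action and lists the detections that were only skipped, so they still need a manual decision. The sample input is constructed from a few lines of the log in this post; the line layout is assumed from what is visible here.

```python
import re

# Constructed sample input, modelled on the TDSSKiller log lines quoted in this thread.
SAMPLE_LOG = r"""
20:32:19.0218 3852        IBMTPCHK        (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
20:32:19.0250 3852        IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
20:32:19.0250 3852        IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
20:32:19.0296 3852        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:32:19.0421 3852        Imapi - ok
20:32:19.0437 3852        ini910u - ok
20:32:37.0781 3852        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:32:38.0078 3852        \Device\Harddisk0\DR0 - ok
20:32:41.0250 3852        ============================================================
20:32:41.0250 3852        Scan finished
20:32:41.0359 4312        Detected object count: 1
20:33:13.0828 4312        IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:13.0828 4312        IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# One log line: timestamp, thread id, then the message body (format assumed from the log above).
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*\S)\s*$")
# "<name> (<md5>) <path>": an object that was scanned (driver, MBR, boot sector).
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<name or device path> - ok"
OK_RE = re.compile(r"^(?P<key>.+?) - ok$")
# "<name> - detected <signature> (<n>)"
DETECTED_RE = re.compile(r"^(?P<key>.+?) - detected (?P<sig>\S+) \((?P<n>\d+)\)$")
# "<name> ( <signature> ) - warning | skipped by user | User select action: <Action>"
ACTION_RE = re.compile(
    r"^(?P<key>.+?) \( (?P<sig>\S+) \) - (?:warning|skipped by user|User select action: (?P<action>\S+))$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_tdsskiller(text):
    """Return (objects, expected_count): objects maps object name -> dict with
    md5, path, verdict ('ok' / 'detected' / None), signature and user action."""
    objects, by_path, expected = {}, {}, None

    def entry(key):
        # Verdict lines for MBR/boot objects name the device path, not the object.
        name = by_path.get(key, key)
        return objects.setdefault(name, {"md5": None, "path": None, "verdict": None,
                                         "signature": None, "action": None})

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank lines and anything without a timestamp prefix
        body = m.group("body")
        if (o := OBJECT_RE.match(body)):
            name, path = o.group("name"), o.group("path")
            if name in objects:  # MBR/Boot objects share a name across disks: key those by path
                name = path
            by_path[path] = name
            rec = entry(name)
            rec["md5"], rec["path"] = o.group("md5"), path
        elif (c := COUNT_RE.match(body)):
            expected = int(c.group("n"))
        elif (d := DETECTED_RE.match(body)):
            rec = entry(d.group("key"))
            rec["verdict"], rec["signature"] = "detected", d.group("sig")
        elif (a := ACTION_RE.match(body)):
            rec = entry(a.group("key"))
            rec["signature"] = a.group("sig")
            if a.group("action"):
                rec["action"] = a.group("action")
        elif (k := OK_RE.match(body)):
            entry(k.group("key"))["verdict"] = "ok"
    return objects, expected


def open_detections(text):
    """Detections the tool was not allowed to act on (no action or 'Skip'):
    the objects a helper still has to judge by hand."""
    objects, expected = parse_tdsskiller(text)
    hits = [(n, r["signature"], r["path"], r["action"]) for n, r in objects.items()
            if r["verdict"] == "detected" and r["action"] in (None, "Skip")]
    detected = sum(1 for r in objects.values() if r["verdict"] == "detected")
    if expected is not None and detected != expected:
        raise ValueError(f"log lists {detected} detections but reports {expected}")
    return hits


if __name__ == "__main__":
    for name, sig, path, action in open_detections(SAMPLE_LOG):
        print(f"{name}: {sig} at {path} -> user action {action}")
```

Note that UnsignedFile.Multi.Generic only says the driver carries no valid signature; the parser surfaces such entries for review, it does not judge them.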


cosinus 28.02.2012 22:33

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

rudi_ruessel 28.02.2012 23:07

Hm, ComboFix ran through, even found something and then removed it as well. "Thumbs up" so far. Then it restarted, the computer I mean, and now the DOS box keeps jumping around the screen and seems to be stuck in a loop... the whole thing looks sort of endless... as if it keeps opening new windows. Is that how it's supposed to be?

cosinus 28.02.2012 23:36

Is that still going on? :wtf:

rudi_ruessel 28.02.2012 23:41

Those constantly jumping windows were due to the missing access rights. You can start ComboFix in a limited user account with "Run as...", but if you log back in with the limited account after ComboFix's restart, the program can't cope with that. If you log in with an account that has admin rights, everything works as it should and the log is created. At least that's how it was for me on Win XP SP3...... just for information.

The ComboFix log:
Code:

ComboFix 12-02-27.02 - Install 28.02.2012  22:49:31.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2013.893 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\User\4.0
c:\dokumente und einstellungen\User\Anwendungsdaten\Adobe\plugs
c:\dokumente und einstellungen\User\Anwendungsdaten\Adobe\shed
c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Skype
c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Skype\{D103C4BA-F905-437A-8049-DB24763BBE36}\Skype.msi
c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-28 bis 2012-02-28  ))))))))))))))))))))))))))))))
.
.
2012-02-26 20:58 . 2012-02-26 20:58        --------        d-----w-        c:\programme\7-Zip
2012-02-26 15:01 . 2012-02-26 15:01        --------        d-----w-        c:\programme\ESET
2012-02-25 23:11 . 2012-02-25 23:11        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2012-02-25 23:10 . 2012-02-25 23:10        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 23:10 . 2012-02-25 23:10        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-02-25 23:10 . 2012-02-25 23:10        --------        d-----w-        c:\programme\Java
2012-02-25 23:05 . 2012-02-25 23:05        626688        ----a-w-        c:\programme\Mozilla Firefox\msvcr80.dll
2012-02-25 23:05 . 2012-02-25 23:05        548864        ----a-w-        c:\programme\Mozilla Firefox\msvcp80.dll
2012-02-25 23:05 . 2012-02-25 23:05        479232        ----a-w-        c:\programme\Mozilla Firefox\msvcm80.dll
2012-02-25 23:05 . 2012-02-25 23:05        45016        ----a-w-        c:\programme\Mozilla Firefox\mozutils.dll
2012-02-25 22:21 . 2012-02-25 22:21        --------        d-----w-        c:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes
2012-02-25 21:24 . 2012-02-25 21:24        --------        d-----w-        c:\dokumente und einstellungen\Install\Anwendungsdaten\Malwarebytes
2012-02-25 21:24 . 2012-02-25 21:24        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-25 21:24 . 2012-02-25 21:44        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-02-25 21:24 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-25 20:55 . 2012-02-25 20:55        --------        d-----w-        c:\dokumente und einstellungen\User\Anwendungsdaten\Avaya
2012-02-25 20:16 . 2012-02-25 20:16        --------        d-----w-        c:\dokumente und einstellungen\User\DoctorWeb
2012-02-25 18:56 . 2012-02-26 20:01        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-02-15 07:58 . 2012-01-11 19:06        3072        -c----w-        c:\windows\system32\dllcache\iacenc.dll
2012-02-15 07:58 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\iacenc.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 23:10 . 2010-08-05 09:30        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-25 20:53 . 2011-12-01 15:56        1324        ----a-w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\d3d9caps.tmp
2012-01-12 17:20 . 2006-02-28 12:00        1860096        ----a-w-        c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2006-02-28 12:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2006-02-28 12:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2006-02-28 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00        385024        ------w-        c:\windows\system32\html.iec
2012-02-25 23:05 . 2011-08-12 12:57        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:38        154216        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2011-07-07 17:25        1588840        ----a-w-        c:\programme\WEB.DE Toolbar\IE\uitb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\programme\WEB.DE Toolbar\IE\uitb.dll" [2011-07-07 1588840]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C424171E-592A-415A-9EB1-DFD6D95D3530}"= "c:\programme\WEB.DE Toolbar\IE\uitb.dll" [2011-07-07 1588840]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"1und1Dispatcher"="c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe" [2011-06-08 223600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"LCONTROL"="c:\programme\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-19 77824]
"LFKA"="c:\programme\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-15 315392]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-23 421888]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"EZEJTRAY"="c:\progra~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE" [2008-10-08 227904]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]
"PSQLLauncher"="c:\programme\ThinkVantage Fingerprint Software\launcher.exe" [2009-05-21 55048]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\User\Startmenü\Programme\Autostart\
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-8 607584]
HP Digital Imaging Monitor.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Kodak EasyShare Software.lnk - c:\programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 15:54        100104        ----a-w-        c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2009-05-21 19:48        34080        ----a-w-        c:\programme\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Intel\\WiMAX\\Bin\\AppSrv.exe"=
"c:\\Programme\\Intel\\WiMAX\\Bin\\DMAgent.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Spiele\\Age of Empires\\Empires.exe"=
"d:\\Spiele\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programme\\Hewlett-Packard\\Digital Imaging\\{59C83C08-63F4-4AEC-81D6-392C5E23B843}\\setup\\hpznui01.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.06.2009 13:51 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12.05.2008 18:04 13480]
R2 BPPROT;Intel(R) WiMAX Link Protocol Driver;c:\windows\system32\drivers\bpprot.sys [01.02.2009 18:39 18560]
R2 DMAgent;Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service;c:\programme\Intel\WiMAX\Bin\DMAgent.exe [05.02.2009 14:36 348160]
R2 LFKAS;Service of LFKA;c:\programme\Lenovo\ATK Hotkey\LFKAS.exe [21.11.2009 15:50 208896]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [25.02.2012 22:24 652360]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [21.11.2009 15:54 53248]
R2 smihlp;SMI Helper Driver (smihlp);c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [13.03.2009 14:47 12560]
R2 WiMAXAppSrv;Intel(R) PROSet/Wireless WiMAX Service;c:\programme\Intel\WiMAX\Bin\AppSrv.exe [05.02.2009 14:36 2379776]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [01.02.2009 18:39 163840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25.02.2012 08:08 106104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [21.11.2009 15:47 108032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25.02.2012 22:24 20464]
S0 282D0911F;282D0911F;c:\windows\system32\drivers\282D0911F.sys --> c:\windows\system32\drivers\282D0911F.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 BBSvc;Bing Bar Update Service;c:\programme\Microsoft\BingBar\BBSvc.EXE [28.02.2011 17:44 183560]
S3 EraserUtilDrv11113;EraserUtilDrv11113;\??\c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11113.sys --> c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [?]
S3 esihdrv;esihdrv;\??\c:\temp\esihdrv.sys --> c:\temp\esihdrv.sys [?]
S3 PORTMON;PORTMON;\??\e:\tools\Sysiternals\PORTMSYS.SYS --> e:\tools\Sysiternals\PORTMSYS.SYS [?]
S3 SavRoam;SAVRoam;c:\programme\Symantec\SAV\SavRoam.exe [29.11.2007 17:12 120616]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28.02.2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM        REG_MULTI_SZ          WINRM
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-28 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-21 00:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://go.web.de/br/ie8_startpage
uInternet Settings,ProxyOverride = <local>
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\programme\WEB.DE Toolbar\IE\uitb.dll
FF - ProfilePath - c:\dokumente und einstellungen\Install\Anwendungsdaten\Mozilla\Firefox\Profiles\zl7dyfbw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-28 23:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\vrlogon.dll
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(824)
c:\programme\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\programme\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\Intel\WiFi\bin\S24EvMon.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\programme\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Symantec\SAV\DefWatch.exe
c:\programme\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
c:\programme\Microsoft\BingBar\SeaPort.EXE
c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\programme\Lenovo\Client Security Solution\password_manager.exe
c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
c:\programme\OpenOffice\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice\OpenOffice.org 3\program\soffice.bin
c:\programme\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\programme\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\programme\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-28  23:32:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-28 22:32
.
Vor Suchlauf: 7 Verzeichnis(se), 17.585.197.056 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 18.503.979.008 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 99FA34C5F4C17447C3164CD18E5C2EA0


rudi_ruessel 29.02.2012 01:27

Now that things already look quite good, here are the following logs for review:

Gmer:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-29 00:50:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BEVS-08VAT2 rev.14.01A14
Running: iwg67czb.exe; Driver: C:\Temp\kftdapoc.sys


---- System - GMER 1.0.15 ----

SSDT            89BEF248                                                                                    ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteValueKey [0xA86C7350]
SSDT            89AB48F8                                                                                    ZwQueryValueKey
SSDT            89C4B370                                                                                    ZwResumeThread
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwSetValueKey [0xA86C7580]

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Mozilla Firefox\firefox.exe[5884] ntdll.dll!LdrLoadDll                        7C92632D 5 Bytes  JMP 01215B60 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\firefox.exe[5884] USER32.dll!GetWindowInfo                    7E37C49C 5 Bytes  JMP 0139802D C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                      SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                    Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                    Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Osam:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:57:08 on 29.02.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl
"TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP2.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"282D0911F" (282D0911F) - ? - C:\WINDOWS\System32\drivers\282D0911F.sys  (File not found)
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
"ASMMAP" (ASMMAP) - ? - C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EraserUtilDrv11113" (EraserUtilDrv11113) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11113.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"esihdrv" (esihdrv) - ? - C:\Temp\esihdrv.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys  (File found, but it contains no detailed information)
"kftdapoc" (kftdapoc) - ? - C:\Temp\kftdapoc.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120224.002\naveng.sys
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120224.002\navex15.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PORTMON" (PORTMON) - ? - E:\Tools\Sysiternals\PORTMSYS.SYS  (File not found)
"SAVRT" (SAVRT) - "Symantec Corporation" - C:\Programme\Symantec\SAV\savrt.sys
"SAVRTPEL" (SAVRTPEL) - "Symantec Corporation" - C:\Programme\Symantec\SAV\Savrtpel.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TPPWRIF" (TPPWRIF) - ? - C:\WINDOWS\System32\drivers\Tppwrif.sys  (File found, but it contains no detailed information)
"TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{8FAF0273-9CA8-4efc-9536-1E35E254D5CD} "WEB.DE NewTab Protocol" - "1und1 Mail und Media GmbH" - C:\Programme\WEB.DE Toolbar\IE\uitb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{28465D9A-DE2F-4627-B520-29968CC3C372} "FaJo XP File Security Extension" - "FaJo" - C:\Programme\FaJo\XP File Security Extension\FJXPFileSecExt.dll
{B28C18DB-6816-4F31-9630-397683E3C2C3} "Filzip Shell Extension" - ? - C:\Programme\Filzip\fzshext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDA77241-42F6-11d0-85E2-00AA001FE28C} "VpshellEx Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "WEB.DE Toolbar" - "1und1 Mail und Media GmbH" - C:\Programme\WEB.DE Toolbar\IE\uitb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BingExt.dll
<binary data> "WEB.DE Toolbar" - "1und1 Mail und Media GmbH" - C:\Programme\WEB.DE Toolbar\IE\uitb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BingExt.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{17166733-40EA-4432-A85C-AE672FF0E236} "WEB.DE Konfiguration" - "1&1 Mail & Media GmbH" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll
{BF42D4A8-016E-4fcd-B1EB-837659FD77C6} "WEB.DE Toolbar BHO" - "1und1 Mail und Media GmbH" - C:\Programme\WEB.DE Toolbar\IE\uitb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Kodak EasyShare Software.lnk" - "Eastman Kodak Company" - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
"SkypeM" - ? - C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"cssauth" - "Lenovo Group Limited" - "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
"EZEJMNAP" - "Lenovo Group Ltd." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"EZEJTRAY" - "Lenovo Group Ltd." - C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE
"HP Software Update" - "Hewlett-Packard" - C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
"LCONTROL" - "ATK0101" - "C:\Programme\Lenovo\ATK Hotkey\LCONTROL.exe"
"LFKA" - "Lenovo" - "C:\Programme\Lenovo\ATK Hotkey\LFKA.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"PSQLLauncher" - "UPEK Inc." - "C:\Programme\ThinkVantage Fingerprint Software\launcher.exe" /startup
"PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TPFNF7" - "Lenovo Group Limited" - C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"TPHOTKEY" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe
"TpShocks" - "Lenovo." - TpShocks.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
"Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service" (DMAgent) - "Red Bend Ltd." - C:\Programme\Intel\WiMAX\Bin\DMAgent.exe
"Intel(R) PROSet/Wireless WiMAX Service" (WiMAXAppSrv) - "Intel(R) Corporation" - C:\Programme\Intel\WiMAX\Bin\AppSrv.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
"SAVRoam" (SavRoam) - "symantec" - C:\Programme\Symantec\SAV\SavRoam.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\BingBar\SeaPort.EXE
"Service of LFKA" (LFKAS) - ? - C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe
"Symantec AntiVirus" (Symantec AntiVirus) - "Symantec Corporation " - C:\Programme\Symantec\SAV\Rtvscan.exe
"Symantec AntiVirus Definition Watcher" (DefWatch) - "Symantec Corporation" - C:\Programme\Symantec\SAV\DefWatch.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"Symantec SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\WINDOWS\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"NavLogon" - "Symantec Corporation" - C:\WINDOWS\system32\NavLogon.dll
"psfus" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll
"tphotkey" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\tphklock.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-29 01:00:11
-----------------------------
01:00:11.343    OS Version: Windows 5.1.2600 Service Pack 3
01:00:11.343    Number of processors: 2 586 0xF0D
01:00:11.343    ComputerName: PC-MSH  UserName:
01:00:11.671    Initialize success
01:01:55.218    AVAST engine defs: 12022802
01:02:11.171    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:02:11.171    Disk 0 Vendor: WDC_WD2500BEVS-08VAT2 14.01A14 Size: 238475MB BusType: 3
01:02:11.250    Disk 0 MBR read successfully
01:02:11.250    Disk 0 MBR scan
01:02:11.296    Disk 0 Windows XP default MBR code
01:02:11.296    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        40962 MB offset 63
01:02:11.328    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      197510 MB offset 83891430
01:02:11.359    Disk 0 scanning sectors +488392065
01:02:11.531    Disk 0 scanning C:\WINDOWS\system32\drivers
01:02:38.046    Service scanning
01:02:59.062    Modules scanning
01:03:21.984    Disk 0 trace - called modules:
01:03:22.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
01:03:22.015    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89da0ab8]
01:03:22.015    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000008a[0x89da69e8]
01:03:22.015    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d6e940]
01:03:22.250    AVAST engine scan C:\WINDOWS
01:03:50.093    AVAST engine scan C:\WINDOWS\system32
01:09:21.515    AVAST engine scan C:\WINDOWS\system32\drivers
01:09:50.578    AVAST engine scan C:\Dokumente und Einstellungen\Matthias und Silke
01:13:21.671    AVAST engine scan C:\Dokumente und Einstellungen\All Users
01:16:06.281    Scan finished successfully
01:16:45.515    Disk 0 MBR has been saved successfully to "E:\mat\MBR.dat"
01:16:45.593    The log file has been saved successfully to "E:\mat\aswMBR.txt"

Hope everything is OK so far and as requested.
Now waiting for the green light from the boss here... :)

cosinus 29.02.2012 14:25

Quote:

"282D0911F" (282D0911F) - ? - C:\WINDOWS\System32\drivers\282D0911F.sys (File not found)
Please disable and delete this with OSAM.
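The entry quoted above was picked out of several hundred OSAM lines by hand. The following is an added example (not part of the thread and not a tool of OSAM's or the board's) of doing that first pass automatically: it parses the line format OSAM prints in the log quoted in this thread and flags entries whose file is missing, whose vendor is unknown, or whose name is a bare run of hex digits. The sample lines are copied from the log in this thread; the "[Drivers]" heading and the flag names are assumptions.

```python
import re

# Entry shape as printed by OSAM in the log quoted in this thread:
#   "Display name" (registry key name) - "Vendor" - path  (File not found)
# The key-name group is optional (Run-key entries have none), the vendor is
# either a quoted string or a bare "?", and the trailing note is optional.
ENTRY_RE = re.compile(
    r'^\s*"(?P<name>[^"]*)"'
    r'(?:\s*\((?P<key>[^)]*)\))?'
    r'\s*-\s*(?P<vendor>"[^"]*"|\?)'
    r'\s*-\s*(?P<path>.*?)'
    r'(?:\s*\((?P<note>File not found|File found, but it contains no detailed information)\))?'
    r'\s*$'
)
# A name consisting only of hex digits (like the driver name quoted in the
# thread) is a common trait of randomly generated component names.
HEX_NAME_RE = re.compile(r'[0-9A-Fa-f]{8,}')

# Constructed sample: entries copied from the thread's OSAM log; the
# "[Drivers]" section heading is an assumption.
SAMPLE_OSAM_LOG = r"""[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"282D0911F" (282D0911F) - ? - C:\WINDOWS\System32\drivers\282D0911F.sys (File not found)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Symantec AntiVirus" (Symantec AntiVirus) - "Symantec Corporation " - C:\Programme\Symantec\SAV\Rtvscan.exe
"""


def parse_osam_log(text):
    """Return one dict per autorun entry, tagged with the [Section] it sits in."""
    section, entries = None, []
    for line in text.splitlines():
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # key-path banners, blanks, etc.
        e = m.groupdict()
        e['section'] = section
        # OSAM prints "?" when the file carries no version/vendor information.
        e['vendor'] = None if e['vendor'] == '?' else e['vendor'].strip('"').strip()
        entries.append(e)
    return entries


def triage(entries):
    """Flag entries worth a closer look; most flags first. This is a worklist, not a verdict."""
    results = []
    for e in entries:
        flags = []
        if e['note'] == 'File not found':
            flags.append('file missing')
        if e['vendor'] is None:
            flags.append('no vendor information')
        if HEX_NAME_RE.fullmatch(e['name']):
            flags.append('random-looking name')
        if flags:
            results.append({'name': e['name'], 'section': e['section'],
                            'path': e['path'], 'flags': flags})
    results.sort(key=lambda r: len(r['flags']), reverse=True)
    return results


if __name__ == '__main__':
    for r in triage(parse_osam_log(SAMPLE_OSAM_LOG)):
        print(f"[{r['section']}] {r['name']}: {', '.join(r['flags'])} -> {r['path']}")
```

Note that the AppMgmt entry is flagged as well, with the same "File not found" note, yet the helper in the thread only asked for the hex-named driver to be removed: the script narrows the list, the decision still needs someone who knows which missing-file entries are ordinary on that Windows version.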

rudi_ruessel 29.02.2012 18:15

Quote:

Quote from cosinus (post 782559)
Please disable and delete this with OSAM.

OK, done.
Can I consider the system clean again now?

cosinus 29.02.2012 18:59

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

rudi_ruessel 01.03.2012 16:31

Mbam:
Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: PC-MSH [administrator]

Protection: Enabled

01.03.2012 09:01:11
mbam-log-2012-03-01 (09-01-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281521
Time elapsed: 44 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SASW:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/01/2012 at 02:27 PM

Application Version : 5.0.1144

Core Rules Database Version : 8292
Trace Rules Database Version: 6104

Scan type      : Complete Scan
Total Scan Time : 00:59:55

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 911
Memory threats detected  : 0
Registry items scanned    : 34505
Registry threats detected : 0
File items scanned        : 111277
File threats detected    : 247

Adware.Tracking Cookie
        statse.webtrendslive.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\32RWWW1X.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\32RWWW1X.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\32RWWW1X.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        stats.schulzesteinmann.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .de.at.atwola.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .findfiles.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tracking.mindshare.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]

OK, I cleaned all that up as well. I think everything should be OK again now, or at least I hope so.

In any case, thank you already for your time, help and support, and I wish you and your team continued success!!!

Regards
Enrico

cosinus 01.03.2012 20:54

Looks OK, only cookies were found there. Those can go.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Is the system in order again now, or are there any other findings or problems?
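The verdict above ("only cookies were found") comes from reading 247 detection lines. As an added example that is not part of the thread and not part of SUPERAntiSpyware, the script below parses the SASW log format shown in this thread, groups the findings by category and by browser profile, checks that the parsed count matches the "File threats detected" total, and reports whether every finding belongs to a cookie category. The sample log is constructed from lines in the thread; the second sample adds a made-up non-cookie category, and the exact text SASW prints for non-cookie file detections is not assumed (any indented line under a category is treated as one finding).

```python
import re
from collections import Counter

# Line shapes as they appear in the SUPERAntiSpyware log posted in this thread.
TOTAL_RE = re.compile(r'^File threats detected\s*:\s*(\d+)\s*$')
COOKIE_ITEM_RE = re.compile(r'^\s+(?P<domain>\S+)\s+\[\s*(?P<path>.*?)\s*\]\s*$')
ANY_ITEM_RE = re.compile(r'^\s+(?P<item>\S.*?)\s*$')
# Categories that are cookies, not executable code. Assumption: only the one
# category seen in the thread is listed here.
COOKIE_CATEGORIES = {"Adware.Tracking Cookie"}

# Constructed sample: header and six detection lines copied from the thread.
SAMPLE_SASW_LOG = r"""SUPERAntiSpyware Scan Log
Application Version : 5.0.1144

Memory items scanned      : 911
Memory threats detected  : 0
Registry items scanned    : 34505
Registry threats detected : 0
File items scanned        : 111277
File threats detected    : 6

Adware.Tracking Cookie
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\32RWWW1X.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\32RWWW1X.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\INSTALL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZL7DYFBW.DEFAULT\COOKIES.SQLITE ]
"""
# Constructed variant with a made-up non-cookie category (name and line format
# are invented for the check, not taken from SASW output).
SAMPLE_WITH_NON_COOKIE = SAMPLE_SASW_LOG + "\nTrojan.Agent/Gen-Example\n        C:\\TEMP\\EXAMPLE.EXE\n"


def parse_sasw_log(text):
    """Return (findings, reported_total); each finding is (category, item, path_or_None)."""
    findings, reported_total, category = [], None, None
    for line in text.splitlines():
        m = TOTAL_RE.match(line)
        if m:
            reported_total = int(m.group(1))
            continue
        if reported_total is None or not line.strip():
            continue                        # still in the statistics block, or blank
        if not line[0].isspace():
            category = line.strip()         # a non-indented line starts a category
            continue
        m = COOKIE_ITEM_RE.match(line)
        if m:
            findings.append((category, m.group('domain'), m.group('path')))
        else:
            findings.append((category, ANY_ITEM_RE.match(line).group('item'), None))
    return findings, reported_total


def summarize(text):
    findings, reported_total = parse_sasw_log(text)
    by_category = Counter(cat for cat, _, _ in findings)
    by_profile = Counter(path for _, _, path in findings if path)
    # Strip the leading dot so ".doubleclick.net" and "doubleclick.net" count together.
    by_domain = Counter(item.lstrip('.') for cat, item, _ in findings
                        if cat in COOKIE_CATEGORIES)
    return {
        "reported_total": reported_total,
        "parsed_total": len(findings),
        "count_matches": reported_total == len(findings),
        "only_cookies": bool(findings) and set(by_category) <= COOKIE_CATEGORIES,
        "by_category": dict(by_category),
        "by_profile": dict(by_profile),
        "top_domains": by_domain.most_common(3),
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_SASW_LOG).items():
        print(f"{key}: {value}")
```

The "count_matches" field is the sanity check: if the log was cut when pasted, the parsed count falls short of the total SASW printed, and "only_cookies" would then be a verdict on an incomplete list.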

rudi_ruessel 01.03.2012 21:07

So far I haven't noticed anything unusual anymore, and everything seems to be working properly. I also checked the open connections again with CurrPorts from NirSoft, and from the looks of it nobody seems to be phoning home anymore, apart from the usual suspects, i.e. the intended programs.

Thank you very much once again!

