Trojaner-Board (https://www.trojaner-board.de/) - Log analysis and evaluation (Log-Analyse und Auswertung)

Bundespolizei - Internet blocked, Malwarebytes shows infected files and registry entries
Thread: https://www.trojaner-board.de/111862-bundespolizei-internet-gesperrt-malwarebytes-zeigt-infizierte-dateien-registrierung.html

spinclub 19.03.2012 16:57

Bundespolizei - Internet blocked, Malwarebytes shows infected files and registry entries

Hello Trojaner-Board,

we have a PC in our household that is used by several people. Last Thursday there seemed to be some kind of problem with the internet connection, and my flatmates said there had been some sort of message (Bundespolizei) saying that the PC was now locked.
After a full scan with Malwarebytes the internet connection was back, but the PC still doesn't seem to be clean... :(

I hope you can help, many thanks in advance.

Here are the logfiles:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912021502

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15.03.2012 17:46:46
mbam-log-2012-03-15 (17-46-46).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 309335
Time elapsed: 48 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
d:\dokumente und einstellungen\*****\lokale einstellungen\Temp\wpbt0.dll (Exploit.Drop) -> Delete on reboot.
d:\dokumente und einstellungen\*****\startmenü\programme\autostart\wpbt0.dll.lnk (Trojan.Agent) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912031603

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

16.03.2012 16:38:32
mbam-log-2012-03-16 (16-38-32).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 316544
Time elapsed: 50 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\dokumente und einstellungen\*****\lokale einstellungen\Temp\temporary internet files\Content.IE5\RHJY0BM4\about[1].exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
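
The two Malwarebytes logs above already outline a lockscreen infection: a policy value that disables Task Manager (so the "Bundespolizei" screen cannot simply be closed), a DLL staged in the user's Temp folder with a shortcut in the Startup folder so it is relaunched at logon, and the dropper left behind in the IE cache. One detail worth checking before calling the machine clean: wpbt0.dll is marked "Delete on reboot", meaning the file was in use during the scan and stays on disk until the machine restarts. The following Python script is an added example, not part of the original thread and not Malwarebytes code; it parses MBAM 1.x detection lines, tags the role each item plays and lists anything still pending a reboot. The sample log is constructed from the detections in this thread with the anonymised user name replaced by "user".

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log (added example, not MBAM code).

Extracts every detection line, tags the role each item plays in a
lockscreen ("Bundespolizei") infection, and lists items MBAM could only
schedule for deletion at the next reboot.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Detection lines look like:
#   <item> (<family>) -> <action>
#   <registry item> (<family>) -> Bad: (x) Good: (y) -> <action>
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Role labels returned by classify()
LOCKSCREEN = "lockscreen policy: Task Manager disabled"
STARTUP = "persistence: shortcut in the Startup folder"
DROPPER = "dropper: executable in the IE cache"
TEMP = "payload: file staged in the user's Temp folder"
OTHER = "other"

# Constructed sample, modelled on the two logs in this thread ("user" replaces the real name).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Registry Data Items Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
d:\\dokumente und einstellungen\\user\\lokale einstellungen\\Temp\\wpbt0.dll (Exploit.Drop) -> Delete on reboot.
d:\\dokumente und einstellungen\\user\\startmenü\\programme\\autostart\\wpbt0.dll.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
d:\\dokumente und einstellungen\\user\\lokale einstellungen\\Temp\\temporary internet files\\Content.IE5\\RHJY0BM4\\about[1].exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    item: str      # file path or registry path
    family: str    # MBAM detection name, e.g. Trojan.Ransom.BP
    action: str    # what MBAM did, e.g. "Delete on reboot."

    @property
    def pending(self) -> bool:
        # The file was in use during the scan; it stays on disk until the
        # machine restarts, so a "cleaned" box can still misbehave before then.
        return self.action.lower().startswith("delete on reboot")


def parse_detections(log_text: str) -> List[Detection]:
    """Return every detection line in the log, in order."""
    found: List[Detection] = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # header, counters, section titles, blank lines
        # The action is always the last "-> " segment (registry lines carry
        # an extra "Bad: (..) Good: (..) ->" in between).
        action = m.group("rest").split(" -> ")[-1].strip()
        found.append(Detection(m.group("item"), m.group("family"), action))
    return found


def classify(det: Detection) -> str:
    """Tag the item's role; order matters because the IE cache lives under Temp."""
    p = det.item.lower()
    if "\\policies\\system\\disabletaskmgr" in p:
        return LOCKSCREEN
    if p.endswith(".lnk") and ("\\autostart\\" in p or "\\startup\\" in p):
        return STARTUP
    if "content.ie5" in p:
        return DROPPER
    if "\\temp\\" in p:
        return TEMP
    return OTHER


def pending_reboot(dets: List[Detection]) -> List[str]:
    """Items that are still on disk until the next restart."""
    return [d.item for d in dets if d.pending]


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group detections by role, the way an analyst would summarise them."""
    report: Dict[str, List[str]] = {}
    for d in parse_detections(log_text):
        report.setdefault(classify(d), []).append(f"{d.item} [{d.family}]")
    return report


if __name__ == "__main__":
    for role, items in triage(SAMPLE_LOG).items():
        print(role)
        for it in items:
            print("   ", it)
    print("still pending reboot:", pending_reboot(parse_detections(SAMPLE_LOG)))
```

Run it against a saved mbam-log-*.txt by reading the file into `triage()`; the German and English folder names in the paths are matched case-insensitively, and the Startup check covers both "Autostart" (German XP) and "Startup" (English XP).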

cosinus 20.03.2012 17:08

Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it in your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


spinclub 21.03.2012 13:37

Hi,

I ran the ESET Online Scanner as described.
Here is the log file:

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=99e0a3894cd54e4996f9e064f8a65067
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-21 12:31:51
# local_time=2012-03-21 01:31:51 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 34289637 34289637 0 0
# compatibility_mode=1797 16775145 100 94 419915 107844267 424443 0
# compatibility_mode=2048 16777215 100 0 197268521 197268521 0 0
# compatibility_mode=8192 67108863 100 0 3945 3945 0 0
# scanned=135170
# found=0
# cleaned=0
# scan_time=4167

cosinus 21.03.2012 16:11

Custom scan with OTL

If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


spinclub 21.03.2012 18:06

So, here is the OTL log. OTL logfile:
Code:

OTL logfile created on: 21.03.2012 16:27:19 - Run 2
OTL by OldTimer - Version 3.2.21.0    Folder = D:\Dokumente und Einstellungen\David\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 571,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,99 Gb Total Space | 2,34 Gb Free Space | 7,80% Space Free | Partition Type: NTFS
Drive D: | 198,98 Gb Total Space | 127,11 Gb Free Space | 63,88% Space Free | Partition Type: NTFS
 
Computer Name: SN112093730310 | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Dokumente und Einstellungen\David\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - c:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\APPS\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\APPS\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - c:\APPS\HIDSERVICE\HidService.exe ()
PRC - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Dokumente und Einstellungen\David\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NIHardwareService) -- C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
SRV - (RoxLiveShare) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
SRV - (RoxMediaDB) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
SRV - (RoxWatch) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
SRV - (RoxUPnPRenderer) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
SRV - (RoxUpnpServer) -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe (Sonic Solutions)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (omniserv) -- C:\APPS\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (GenericHidService) -- c:\APPS\HIDSERVICE\HidService.exe ()
SRV - (IDriverT) -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (a2djavs) -- C:\WINDOWS\system32\drivers\a2djavs.sys (Native Instruments GmbH)
DRV - (a2djusb) -- C:\WINDOWS\system32\drivers\a2djusb.sys (Native Instruments GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (MACNDIS5) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (MicNgTun) -- C:\WINDOWS\system32\drivers\MicNgTun.sys (Micronas GmbH)
DRV - (MicNgCap) -- C:\WINDOWS\system32\drivers\MicNgCap.sys (Micronas GmbH)
DRV - (MicNgBas) -- C:\WINDOWS\system32\drivers\MicNgBas.sys (Micronas GmbH)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (AVMUNET) -- C:\WINDOWS\system32\drivers\avmunet.sys (AVM GmbH)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (HSFHWCD2) -- C:\WINDOWS\system32\drivers\HSFHWCD2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (DFE528TX) -- C:\WINDOWS\system32\drivers\DLKRTL.SYS (D-Link Corporation)
DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.15 14:05:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.15 14:05:27 | 000,000,000 | ---D | M]
 
[2010.02.22 10:41:00 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Extensions
[2012.03.21 12:22:37 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions
[2011.12.29 14:50:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.04 13:15:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.19 16:59:44 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-1.xml
[2011.12.23 13:51:49 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-10.xml
[2012.02.07 09:36:09 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-11.xml
[2012.02.23 18:46:02 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-12.xml
[2012.03.15 14:06:02 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-13.xml
[2011.03.28 11:38:12 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-2.xml
[2011.05.02 15:26:44 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-3.xml
[2011.06.23 11:29:34 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-4.xml
[2011.08.22 13:31:43 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-5.xml
[2011.09.06 11:02:30 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-6.xml
[2011.09.13 12:30:28 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-7.xml
[2011.09.29 17:27:04 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-8.xml
[2011.11.10 18:26:43 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-9.xml
[2011.02.20 10:21:20 | 000,000,168 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.gif
[2011.02.20 10:21:20 | 000,000,618 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.src
[2011.03.10 13:23:09 | 000,001,056 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.xml
[2010.02.22 10:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.10 18:41:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.10 18:41:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.10 18:41:33 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.10 18:41:33 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.10 18:41:33 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.03.01 16:07:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATICCC] c:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - D:\Dokumente und Einstellungen\David\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O15 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} hxxp://dfgfile.com/online_games/DinerDash/DinerDash.1.0.0.58.cab (CPlayFirstDinerDashControl Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Apps\Softex\OmniPass\opxpgina.dll - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\David\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\David\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk - C:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe - (Sonic Solutions)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: OmniPass - hkey= - key= - C:\APPS\Softex\OmniPass\scureapp.exe ()
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Programme\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.wmv3 - C:\Programme\Combined Community Codec Pack\Filters\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.21 12:16:55 | 000,000,000 | ---D | C] -- C:\Programme\ESET

 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 11:58:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.21 11:58:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.21 11:58:09 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.16 14:57:37 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

 
========== Files Created - No Company Name ==========
 
[2010.02.26 14:12:07 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008.08.28 09:26:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.03.09 17:43:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2008.02.29 18:23:03 | 000,000,117 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.02.29 18:22:13 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008.01.23 10:08:39 | 000,000,305 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.11.23 21:30:57 | 000,005,188 | ---- | C] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\froggy_scorebox
[2007.11.23 21:30:57 | 000,000,912 | ---- | C] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\pl_accounts.pl_acc
[2007.11.23 21:30:57 | 000,000,556 | ---- | C] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Troll.options
[2007.06.06 20:35:01 | 000,000,464 | ---- | C] () -- C:\WINDOWS\atlashi.ini
[2007.05.06 15:09:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ExtRes.dll
[2007.02.19 13:25:29 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007.02.19 13:25:29 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007.02.19 13:25:29 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006.08.24 20:03:21 | 000,000,005 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DragToDiscUserNameF.txt
[2006.07.22 14:15:47 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
[2006.07.22 14:15:47 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2006.07.22 14:15:47 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2006.07.22 14:15:47 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2006.06.28 15:55:54 | 000,000,562 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006.05.30 12:13:09 | 000,016,864 | ---- | C] () -- D:\Dokumente und Einstellungen\David\Lokale Einstellungen\Anwendungsdaten\rx_audio.Cache
[2006.04.09 18:38:00 | 000,000,640 | ---- | C] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\wklnhst.dat
[2006.03.04 20:39:29 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\KERNELH2.DLL
[2006.01.04 13:55:20 | 000,009,141 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006.01.03 00:14:07 | 000,190,464 | ---- | C] () -- D:\Dokumente und Einstellungen\David\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.01.02 21:28:16 | 000,000,138 | ---- | C] () -- D:\Dokumente und Einstellungen\David\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.12.20 09:02:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.20 08:41:39 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005.12.20 08:40:38 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.12.20 08:35:54 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2005.12.20 08:33:05 | 000,007,513 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005.12.20 08:21:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005.10.27 10:29:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.10.21 15:28:56 | 000,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.10.19 15:56:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.19 15:56:36 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.10.19 15:56:36 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.10.19 15:56:36 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005.10.11 00:16:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003.03.20 13:02:19 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2003.03.20 13:02:19 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.03.20 13:02:19 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2003.03.20 13:02:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003.03.20 13:02:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2006.03.01 09:55:33 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2008.04.25 18:30:45 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astar Games
[2007.12.07 17:06:45 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Christmasville
[2007.11.10 15:36:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fugazo
[2010.11.04 12:19:19 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2007.11.23 19:06:32 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Legacy Interactive
[2010.04.12 11:51:49 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments
[2007.11.03 21:00:32 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Oberon Games
[2005.12.20 08:34:23 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2006.05.01 11:49:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2008.01.18 19:37:05 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
[2006.02.26 19:49:21 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Propellerhead Software
[2007.11.30 18:30:54 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sandlot Games
[2008.08.25 07:29:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.01.03 11:50:08 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2005.12.20 08:32:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2008.01.31 18:53:29 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.04.13 12:18:37 | 000,000,000 | -H-D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
[2010.02.26 14:54:26 | 000,000,000 | -H-D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.13 12:20:05 | 000,000,000 | -H-D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}
[2010.05.04 10:39:50 | 000,000,000 | -H-D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C50F95A0-0BCB-41D8-AB22-E8C0FEF70AB7}
[2010.04.13 12:18:15 | 000,000,000 | -H-D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010.06.08 15:34:53 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Ableton
[2011.12.20 13:23:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\DVDVideoSoft
[2011.12.20 13:22:37 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\DVDVideoSoftIEHelpers
[2008.01.31 17:46:05 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Gamelab
[2007.12.22 18:16:27 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Home Sweet Home
[2012.03.15 12:53:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\ICQ
[2006.01.08 19:28:08 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\ICQLite
[2009.04.08 12:24:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Inkscape
[2007.11.23 21:32:21 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Jane s Hotel
[2006.07.22 18:00:49 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Leadertech
[2010.04.12 11:07:00 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\MSNInstaller
[2007.12.22 19:43:53 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\MysteryStudio
[2008.02.07 17:56:42 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Oberon Games
[2006.01.03 00:13:21 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\OD2
[2008.01.18 19:37:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\PlayFirst
[2006.02.26 19:49:32 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Propellerhead Software
[2008.08.25 07:29:50 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\T-Online
[2006.04.09 18:38:01 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Template
[2008.04.25 17:23:07 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Total Eclipse
[2008.01.10 20:35:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Zylom
[2012.03.16 14:57:37 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.04.25 17:23:06 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Adobe
[2006.03.23 19:06:54 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\AdobeUM
[2010.02.26 14:12:45 |
[2005.12.20 08:26:00 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\ATI
[2006.03.23 10:45:40 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\CyberLink
[2011.12.20 13:23:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\DVDVideoSoft
[2011.12.20 13:22:37 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\DVDVideoSoftIEHelpers
[2008.01.31 17:46:05 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Gamelab
[2007.03.18 15:24:23 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Google
[2006.01.05 21:21:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Help
[2007.12.22 18:16:27 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Home Sweet Home
[2012.03.15 12:53:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\ICQ
[2006.01.08 19:28:08 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\ICQLite
[2008.01.10 20:35:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Identities
[2009.04.08 12:24:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Inkscape
[2007.11.23 21:32:21 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Jane s Hotel
[2006.07.22 18:00:49 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Leadertech
[2009.03.18 12:53:28 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia
[2011.02.23 13:38:58 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Malwarebytes
[2011.02.18 16:28:45 | 000,000,000 | --SD | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Microsoft
[2010.02.22 10:41:00 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla
[2010.04.12 11:07:00 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\MSNInstaller
[2007.12.22 19:43:53 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\MysteryStudio
[2008.02.07 17:56:42 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Oberon Games
[2006.01.03 00:13:21 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\OD2
[2008.01.18 19:37:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\PlayFirst
[2006.02.26 19:49:32 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Propellerhead Software
[2005.12.20 08:35:43 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Real
[2006.01.03 20:36:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Roxio
[2011.12.19 18:14:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Skype
[2010.01.14 11:48:53 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\skypePM
[2006.07.22 18:01:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Sonic
[2006.01.02 23:13:33 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Sun
[2011.03.04 15:59:26 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\SUPERAntiSpyware.com
[2008.08.25 07:29:50 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\T-Online
[2006.04.09 18:38:01 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Template
[2008.04.25 17:23:07 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Total Eclipse
[2011.02.04 12:41:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\U3
[2006.04.24 21:06:50 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\vlc
[2005.12.20 08:32:35 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\You've Got Pictures Screensaver
[2008.01.10 20:35:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Zylom
 
< %APPDATA%\*.exe /s >
[2011.02.18 16:28:45 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\DRIVERS\embdsav\WINDOWS\system32\drivers\AGP440.SYS
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\DRIVERS\embdsav\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\eventlog.dll
[2004.08.04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\DRIVERS\embdsav\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\netlogon.dll
[2004.08.04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\DRIVERS\embdsav\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\DRIVERS\embdsav\WINDOWS\system32\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\user32.dll
[2004.08.04 01:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\DRIVERS\embdsav\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2004.08.31 12:04:02 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=ED9430F0BC57A33F5E4D746BF7A477E5 -- C:\DRIVERS\embdsav\WINDOWS\system32\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 13:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\DRIVERS\embdsav\WINDOWS\system32\drivers\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.11 18:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.08.11 18:55:48 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.08.11 18:55:48 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\VirtualDJ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\vim:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\Sachen vom Stick:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\Neuheitendjsets13.04.06:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\Native Instruments:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\ICQ Lite:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\herbert:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\djsets23.08.05:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Eigene Dateien\Der Vorleser:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Dokumente und Einstellungen\David\Desktop\AOL Gespeicherte Ablage:Roxio EMC Stream


< End of report >
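The "< MD5 for: ... >" blocks in the report above exist so that the live copy of a critical file (atapi.sys, eventlog.dll, netlogon.dll, user32.dll, winlogon.exe and so on) can be compared against the reference copies Windows keeps in dllcache, ERDNT or the uninstall folders: a rootkit that patches a driver in place leaves the size and usually the timestamp alone, so only the hash gives it away. The following script is an added example for this thread, not OTL code and not part of any post; it parses that listing format and flags a live copy whose hash differs from a same-size reference copy. The ATAPI.SYS sample lines are copied from the report, the NDIS.SYS block is constructed with fake hashes to show a size-preserving patch, and the LIVE_RE rule for what counts as the live copy is my own assumption.

```python
"""Cross-check the "< MD5 for: FILE >" blocks of an OTL report.

Added example for this thread; it is not OTL code and not part of the
original posts. It parses the listing lines OTL prints for each copy of a
critical system file (mtime | size | attributes | M] (vendor) MD5=... -- path)
and flags a live copy under %SystemRoot%\\system32 whose hash differs from
a backup copy of the same size. A rootkit that patches a driver in place
(the reason OTL hashes atapi.sys at all) normally leaves the copies in
dllcache or ERDNT untouched, so the size matches but the MD5 does not.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
# One OTL hash line, e.g.
# [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE... -- C:\WINDOWS\system32\drivers\atapi.sys
LINE_RE = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Assumption: the copy Windows actually loads sits directly under X:\WINDOWS\system32
# or X:\WINDOWS\system32\drivers. Everything else (dllcache, ERDNT, $NtUninstall*,
# SoftwareDistribution, OEM restore trees like C:\DRIVERS\embdsav) is a reference copy.
LIVE_RE = re.compile(r"^[a-z]:\\windows\\system32\\(drivers\\)?[^\\]+$", re.I)


def parse_md5_blocks(text):
    """Return {FILENAME: [{'mtime','size','vendor','md5','path'}, ...]}."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        m = LINE_RE.match(line)
        if m and current:   # lines without MD5= (e.g. .cab entries) are skipped
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            blocks[current].append(entry)
    return dict(blocks)


def check_live_copies(text):
    """Return {FILENAME: (status, detail)} for each file that has a live copy.

    OK          live hash equals a reference copy of the same size
    SUSPICIOUS  a same-size reference copy exists but its hash differs
    UNVERIFIED  no reference copy of the same size in the report
    """
    results = {}
    for name, copies in parse_md5_blocks(text).items():
        live = [c for c in copies if LIVE_RE.match(c["path"])]
        refs = [c for c in copies if not LIVE_RE.match(c["path"])]
        for cur in live:
            same_size = [r for r in refs if r["size"] == cur["size"]]
            if any(r["md5"] == cur["md5"] for r in same_size):
                results[name] = ("OK", cur["path"])
            elif same_size:
                results[name] = ("SUSPICIOUS",
                                 f"{cur['path']} differs from same-size copy {same_size[0]['path']}")
            else:
                results[name] = ("UNVERIFIED", cur["path"])
    return results


# Sample input: the ATAPI.SYS block is copied from the report above; the
# NDIS.SYS block is constructed (fake hashes of A's and B's) to show what a
# size-preserving patch of the live driver looks like.
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: NDIS.SYS  >
[2004.08.04 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\ndis.sys
"""

if __name__ == "__main__":
    for name, (status, detail) in sorted(check_live_copies(SAMPLE_REPORT).items()):
        print(f"{status:<11} {name:<12} {detail}")
```

Two caveats when reading the result. A differing hash is only evidence of change, not of malice: a hotfix copy in $hf_mig$ or SoftwareDistribution legitimately has a different size and hash, which is why the check only compares same-size copies. And the hashes come from reading the file through the running kernel; a rootkit that filters disk reads can hand the clean bytes to any user-mode hasher, so identical hashes on a suspect machine are only conclusive when the disk is hashed from an offline boot.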

--- --- ---

cosinus 21.03.2012 18:20

Do an OTL fix: close all programs that may be open, also disable the antivirus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
[2011.12.29 14:50:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.04 13:15:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.19 16:59:44 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-1.xml
[2011.12.23 13:51:49 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-10.xml
[2012.02.07 09:36:09 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-11.xml
[2012.02.23 18:46:02 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-12.xml
[2012.03.15 14:06:02 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-13.xml
[2011.03.28 11:38:12 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-2.xml
[2011.05.02 15:26:44 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-3.xml
[2011.06.23 11:29:34 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-4.xml
[2011.08.22 13:31:43 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-5.xml
[2011.09.06 11:02:30 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-6.xml
[2011.09.13 12:30:28 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-7.xml
[2011.09.29 17:27:04 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-8.xml
[2011.11.10 18:26:43 | 000,000,950 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-9.xml
[2011.02.20 10:21:20 | 000,000,168 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.gif
[2011.02.20 10:21:20 | 000,000,618 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.src
[2011.03.10 13:23:09 | 000,001,056 | ---- | M] () -- D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.xml
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll (ICQ)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O32 - HKLM CDRom: AutoRun - 1
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a safety measure; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
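The O6/O7 entries in the fix script are the Explorer autorun policies, and their numeric values are easy to misread. NoDriveTypeAutoRun is a bitmask over drive types (bit n disables AutoRun for the drive type n that GetDriveType() returns, 0x80 is the reserved "unknown" bit, 0xFF disables it everywhere, and 0x91 = 145 is the Windows XP default), NoDriveAutoRun is a bitmask over drive letters (bit 0 = A:, bit 25 = Z:), and HonorAutoRunSetting = 1 is the KB967715 flag that makes Windows respect NoDriveTypeAutoRun. The decoder below is an added example for this thread, not OTL code and not part of any post; the sample lines are copied from the script above and the policy-line regex is my own assumption about OTL's O6/O7 format.

```python
"""Decode the Explorer autorun policy values listed in the O6/O7 lines above.

Added example for this thread; it is not OTL code and not part of the
original posts. NoDriveTypeAutoRun is a bitmask over drive types (bit n set
= AutoRun disabled for GetDriveType() value n; 0x80 is the reserved
"unknown" bit; 0xFF disables it everywhere; Windows XP's default is 0x91).
NoDriveAutoRun is a bitmask over drive letters (bit 0 = A:, bit 25 = Z:).
HonorAutoRunSetting = 1 is the KB967715 flag that makes Windows honour
NoDriveTypeAutoRun.
"""
import re

DRIVE_TYPE_BITS = {           # 1 << GetDriveType() value
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "UNKNOWN_RESERVED",
}
XP_DEFAULT_NODRIVETYPEAUTORUN = 0x91
DISABLE_ALL_TYPES = 0xFF

# Assumed O6/O7 line shape, as OTL prints it: "O6 - HKLM\...\policies\Explorer: Name = Value"
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>\S+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\policies\\Explorer: (?P<name>\w+) = (?P<value>\d+)$",
    re.I,
)


def decode_drive_types(value):
    """Names of the drive types whose AutoRun the value disables."""
    names = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    undefined = value & ~0xFF
    if undefined:                     # bits above 0x80 mean nothing to Windows
        names.append(f"UNDEFINED_BITS(0x{undefined:X})")
    return names


def decode_drive_letters(value):
    """Drive letters whose AutoRun NoDriveAutoRun disables."""
    return [chr(ord("A") + i) for i in range(26) if value & (1 << i)]


def describe_policy(name, value):
    """Human-readable meaning of one Explorer policy value."""
    key = name.lower()
    if key == "nodrivetypeautorun":
        tag = "XP default" if value == XP_DEFAULT_NODRIVETYPEAUTORUN else "non-default"
        return f"{tag}: AutoRun off for {', '.join(decode_drive_types(value))}"
    if key == "nodriveautorun":
        letters = decode_drive_letters(value)
        where = "all 26 drive letters" if len(letters) == 26 else ":, ".join(letters) + ":"
        return f"AutoRun off for {where}"
    if key == "honorautorunsetting":
        return "NoDriveTypeAutoRun honoured (KB967715)" if value == 1 else "value other than 1"
    return "other Explorer policy"


def audit_policy_lines(lines):
    """Return (hive, name, value, description) for every O6/O7 policy line."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            value = int(m.group("value"))
            findings.append((m.group("hive"), m.group("name"), value,
                             describe_policy(m.group("name"), value)))
    return findings


# Sample input: copied from the O6/O7 entries of the fix script above.
SAMPLE_LINES = [
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0",
    r"O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
]

if __name__ == "__main__":
    for hive, name, value, desc in audit_policy_lines(SAMPLE_LINES):
        print(f"{hive:<12} {name:<20} {value:>10}  {desc}")
```

Run against the lines from this machine, the decoder shows that 67108863 is 0x3FFFFFF, every drive letter from A: to Z:, and that 323 (0x143) is not a value Windows itself writes: it sets bit 0x100, which has no meaning, alongside unknown, no-root-dir and RAM-disk. Values like these are usually left behind by a USB "vaccination" or hardening tool rather than by malware. Deleting them, as the fix does, puts the machine back on XP's default autorun behaviour, so anyone who wants autorun to stay off should re-apply NoDriveTypeAutoRun = 0xFF (with HonorAutoRunSetting = 1) once the cleanup is finished.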

spinclub 21.03.2012 18:50

Thanks for the quick help

All processes killed
========== OTL ==========
No active process named ICQ Service.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll moved successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll not found.
HKU\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1077657381-3574764726-2148158213-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1077657381-3574764726-2148158213-1006\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-1.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-10.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-11.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-12.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-13.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-2.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-3.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-4.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-5.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-6.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-7.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-8.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin-9.xml moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.gif moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.src moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Programme\Java\jre1.5.0_06\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1077657381-3574764726-2148158213-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\1011041219\ICQToolBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1077657381-3574764726-2148158213-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1077657381-3574764726-2148158213-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&ICQ Toolbar Search\ deleted successfully.
C:\Programme\ICQToolbar\toolbaru.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 155396937 bytes
->Temporary Internet Files folder emptied: 930338 bytes
->Java cache emptied: 9489312 bytes
->FireFox cache emptied: 48318263 bytes
->Flash cache emptied: 2111 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7433883 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 211,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.21.0 log created on 03212012_183620

Files\Folders moved on Reboot...
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

Registry entries deleted on Reboot...

cosinus 21.03.2012 20:51

Logs are to be posted in CODE tags!!

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm for the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
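As an added example (not part of the thread and not Kaspersky's code), a small Python triage helper for TDSS-Killer logs in the line format posted in this thread: it separates objects reported "ok" from those that only carry the generic UnsignedFile.Multi.Generic warning and from anything with a different detection name, so a helper can see which entries actually need a closer look before anything is deleted. The sample lines are constructed in that format; the ExampleSvc entry, its all-zero hash and the name Placeholder.Detection.Name are placeholders, not real indicators.

```python
"""Triage helper for Kaspersky TDSSKiller logs (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every per-object line starts with "HH:MM:SS.ffff <4-char id>", e.g. "14:35:52.0781 0300".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}\s+(?P<rest>\S.*)$")
# "<name> (<md5>) <path>"  -> the file backing a service/driver
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> ( <reason> ) - warning"
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<reason>[^)]+) \) - warning$")
# "<name> - detected <reason> (<count>)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<reason>\S+) \((?P<count>\d+)\)$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdict TDSSKiller gives to any file that lacks a valid digital signature;
# common for legitimate third-party drivers, so it is a "check", not a "clean".
UNSIGNED = "UnsignedFile.Multi.Generic"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"      # "ok", "warning", "detected" or "unknown"
    reason: Optional[str] = None  # warning/detection name, if any


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Parse the per-object lines of a TDSSKiller log into Entry records keyed by name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator, SystemInfo or blank line
        rest = m.group("rest")
        if (f := FILE_RE.match(rest)):
            e = entries.setdefault(f.group("name"), Entry(f.group("name")))
            e.md5, e.path = f.group("md5"), f.group("path")
        elif (d := DETECT_RE.match(rest)):
            e = entries.setdefault(d.group("name"), Entry(d.group("name")))
            e.verdict, e.reason = "detected", d.group("reason")
        elif (w := WARN_RE.match(rest)):
            e = entries.setdefault(w.group("name"), Entry(w.group("name")))
            if e.verdict != "detected":  # a later "- detected" line outranks the warning
                e.verdict, e.reason = "warning", w.group("reason")
        elif (o := OK_RE.match(rest)):
            e = entries.setdefault(o.group("name"), Entry(o.group("name")))
            e.verdict = "ok"
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[Entry]]:
    """Group objects: clean, unsigned-only (generic warning) and everything else flagged."""
    groups: Dict[str, List[Entry]] = {"ok": [], "unsigned_only": [], "detections": []}
    for e in entries.values():
        if e.verdict == "ok":
            groups["ok"].append(e)
        elif e.reason == UNSIGNED:
            groups["unsigned_only"].append(e)
        elif e.verdict in ("warning", "detected"):
            groups["detections"].append(e)
    return groups


# Constructed sample in the format of the log posted in the thread. The last two
# lines are placeholders (all-zero hash, made-up detection name), not real data.
SAMPLE_LOG = r"""
14:35:46.0921 0300        Scan started
14:35:46.0921 0300        Mode: Manual; SigCheck; TDLFS;
14:35:47.0265 0300        a2djavs        (2307eca25fa851a6f5c0bebe959d8fe9) C:\WINDOWS\system32\Drivers\a2djavs.sys
14:35:49.0093 0300        a2djavs - ok
14:35:52.0781 0300        AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
14:35:52.0796 0300        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
14:35:52.0796 0300        AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
14:35:53.0921 0300        Ati HotKey Poller (29ce0b7e8190d7ae278f94bbc43f496e) C:\WINDOWS\system32\Ati2evxx.exe
14:35:53.0968 0300        Ati HotKey Poller - ok
14:36:20.0000 0300        ExampleSvc      (00000000000000000000000000000000) C:\constructed\placeholder.sys
14:36:20.0000 0300        ExampleSvc - detected Placeholder.Detection.Name (1)
"""

if __name__ == "__main__":
    for group, items in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{group}: {[e.name for e in items]}")
```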

spinclub 23.03.2012 14:42

Here is the TDSS log file:
Code:

14:34:55.0875 2512        TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
14:34:57.0109 2512        ============================================================
14:34:57.0109 2512        Current date / time: 2012/03/23 14:34:57.0109
14:34:57.0109 2512        SystemInfo:
14:34:57.0109 2512       
14:34:57.0109 2512        OS Version: 5.1.2600 ServicePack: 2.0
14:34:57.0109 2512        Product type: Workstation
14:34:57.0109 2512        ComputerName: SN112093730310
14:34:57.0109 2512        UserName: David
14:34:57.0109 2512        Windows directory: C:\WINDOWS
14:34:57.0109 2512        System windows directory: C:\WINDOWS
14:34:57.0109 2512        Processor architecture: Intel x86
14:34:57.0109 2512        Number of processors: 2
14:34:57.0109 2512        Page size: 0x1000
14:34:57.0109 2512        Boot type: Normal boot
14:34:57.0109 2512        ============================================================
14:34:59.0609 2512        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:34:59.0781 2512        \Device\Harddisk0\DR0:
14:34:59.0781 2512        MBR used
14:34:59.0781 2512        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x7D047E, BlocksNum 0x3BFB18B
14:34:59.0781 2512        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x43CB609, BlocksNum 0x18DF50B7
14:35:00.0078 2512        Initialize success
14:35:00.0078 2512        ============================================================
14:35:46.0921 0300        ============================================================
14:35:46.0921 0300        Scan started
14:35:46.0921 0300        Mode: Manual; SigCheck; TDLFS;
14:35:46.0921 0300        ============================================================
14:35:47.0265 0300        a2djavs        (2307eca25fa851a6f5c0bebe959d8fe9) C:\WINDOWS\system32\Drivers\a2djavs.sys
14:35:49.0093 0300        a2djavs - ok
14:35:49.0156 0300        a2djusb        (560a268c1e3e6953ba91e9ef8e347bd4) C:\WINDOWS\system32\Drivers\a2djusb.sys
14:35:49.0187 0300        a2djusb - ok
14:35:49.0187 0300        Abiosdsk - ok
14:35:49.0234 0300        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:35:50.0078 0300        abp480n5 - ok
14:35:50.0156 0300        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:35:50.0312 0300        ACPI - ok
14:35:50.0343 0300        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:35:50.0484 0300        ACPIEC - ok
14:35:50.0531 0300        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:35:50.0687 0300        adpu160m - ok
14:35:50.0718 0300        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
14:35:51.0093 0300        aec - ok
14:35:51.0125 0300        AFD            (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:35:51.0156 0300        AFD - ok
14:35:51.0187 0300        agp440          (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:35:51.0328 0300        agp440 - ok
14:35:51.0343 0300        agpCPQ          (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:35:51.0500 0300        agpCPQ - ok
14:35:51.0515 0300        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:35:51.0593 0300        Aha154x - ok
14:35:51.0609 0300        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:35:51.0750 0300        aic78u2 - ok
14:35:51.0765 0300        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:35:51.0906 0300        aic78xx - ok
14:35:51.0937 0300        Alerter        (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
14:35:52.0062 0300        Alerter - ok
14:35:52.0078 0300        ALG            (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
14:35:52.0140 0300        ALG - ok
14:35:52.0187 0300        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:35:52.0312 0300        AliIde - ok
14:35:52.0328 0300        alim1541        (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:35:52.0453 0300        alim1541 - ok
14:35:52.0468 0300        amdagp          (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:35:52.0609 0300        amdagp - ok
14:35:52.0625 0300        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:35:52.0703 0300        amsint - ok
14:35:52.0781 0300        AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
14:35:52.0796 0300        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
14:35:52.0796 0300        AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
14:35:52.0812 0300        AntiVirService  (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe
14:35:52.0828 0300        AntiVirService ( UnsignedFile.Multi.Generic ) - warning
14:35:52.0828 0300        AntiVirService - detected UnsignedFile.Multi.Generic (1)
14:35:52.0875 0300        Arp1394        (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:35:53.0000 0300        Arp1394 - ok
14:35:53.0031 0300        Asapi          (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
14:35:53.0031 0300        Asapi ( UnsignedFile.Multi.Generic ) - warning
14:35:53.0031 0300        Asapi - detected UnsignedFile.Multi.Generic (1)
14:35:53.0062 0300        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:35:53.0203 0300        asc - ok
14:35:53.0218 0300        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:35:53.0281 0300        asc3350p - ok
14:35:53.0296 0300        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:35:53.0421 0300        asc3550 - ok
14:35:53.0531 0300        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:35:53.0546 0300        aspnet_state - ok
14:35:53.0578 0300        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:35:53.0718 0300        AsyncMac - ok
14:35:53.0734 0300        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:35:53.0859 0300        atapi - ok
14:35:53.0875 0300        Atdisk - ok
14:35:53.0921 0300        Ati HotKey Poller (29ce0b7e8190d7ae278f94bbc43f496e) C:\WINDOWS\system32\Ati2evxx.exe
14:35:53.0968 0300        Ati HotKey Poller - ok
14:35:54.0031 0300        ATI Smart      (a29acfade93ce143eba4320bcca1f8b4) C:\WINDOWS\system32\ati2sgag.exe
14:35:54.0062 0300        ATI Smart ( UnsignedFile.Multi.Generic ) - warning
14:35:54.0062 0300        ATI Smart - detected UnsignedFile.Multi.Generic (1)
14:35:54.0125 0300        ati2mtag        (bf278c2d512ef0d2748cdac641bb9649) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:35:54.0203 0300        ati2mtag - ok
14:35:54.0234 0300        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:35:54.0375 0300        Atmarpc - ok
14:35:54.0421 0300        AudioSrv        (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
14:35:54.0562 0300        AudioSrv - ok
14:35:54.0578 0300        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:35:54.0734 0300        audstub - ok
14:35:54.0781 0300        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
14:35:54.0812 0300        avgio - ok
14:35:54.0843 0300        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:35:54.0843 0300        avgntflt - ok
14:35:54.0875 0300        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:35:54.0890 0300        avipbb - ok
14:35:54.0921 0300        AVMUNET        (077b3692f4376d1539755761feef659a) C:\WINDOWS\system32\DRIVERS\avmunet.sys
14:35:54.0953 0300        AVMUNET - ok
14:35:55.0000 0300        BDFsDrv - ok
14:35:55.0000 0300        BDRsDrv - ok
14:35:55.0031 0300        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:35:55.0171 0300        Beep - ok
14:35:55.0203 0300        BITS            (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll
14:35:55.0359 0300        BITS - ok
14:35:55.0390 0300        Browser        (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
14:35:55.0515 0300        Browser - ok
14:35:55.0515 0300        catchme - ok
14:35:55.0546 0300        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:35:55.0671 0300        cbidf - ok
14:35:55.0671 0300        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:35:55.0796 0300        cbidf2k - ok
14:35:55.0828 0300        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:35:55.0968 0300        CCDECODE - ok
14:35:55.0984 0300        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:35:56.0046 0300        cd20xrnt - ok
14:35:56.0078 0300        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:35:56.0187 0300        Cdaudio - ok
14:35:56.0203 0300        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:35:56.0375 0300        Cdfs - ok
14:35:56.0421 0300        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:35:56.0609 0300        Cdrom - ok
14:35:56.0656 0300        cdudf_xp        (950cad751d2c4a964ef3a303d0b42540) C:\WINDOWS\system32\drivers\cdudf_xp.sys
14:35:56.0687 0300        cdudf_xp ( UnsignedFile.Multi.Generic ) - warning
14:35:56.0687 0300        cdudf_xp - detected UnsignedFile.Multi.Generic (1)
14:35:56.0687 0300        Changer - ok
14:35:56.0718 0300        CiSvc          (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe
14:35:56.0859 0300        CiSvc - ok
14:35:56.0937 0300        CLCapSvc        (982d46b31c4b6f5931b8932ac0c7c5f8) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
14:35:56.0968 0300        CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
14:35:56.0968 0300        CLCapSvc - detected UnsignedFile.Multi.Generic (1)
14:35:57.0015 0300        ClipSrv        (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
14:35:57.0156 0300        ClipSrv - ok
14:35:57.0234 0300        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:35:57.0250 0300        clr_optimization_v2.0.50727_32 - ok
14:35:57.0359 0300        CLSched        (ac6f2f2001c75dd0dd5b748edff298c9) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
14:35:57.0390 0300        CLSched ( UnsignedFile.Multi.Generic ) - warning
14:35:57.0390 0300        CLSched - detected UnsignedFile.Multi.Generic (1)
14:35:57.0437 0300        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:35:57.0562 0300        CmdIde - ok
14:35:57.0578 0300        COMSysApp - ok
14:35:57.0593 0300        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:35:57.0734 0300        Cpqarray - ok
14:35:57.0781 0300        CryptSvc        (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
14:35:57.0906 0300        CryptSvc - ok
14:35:57.0968 0300        CyberLink Media Library Service (5b417ed5b49d5a65355a81a2a5fbc1e0) C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
14:35:57.0984 0300        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
14:35:57.0984 0300        CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
14:35:58.0031 0300        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:35:58.0171 0300        dac2w2k - ok
14:35:58.0187 0300        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:35:58.0312 0300        dac960nt - ok
14:35:58.0359 0300        DcomLaunch      (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
14:35:58.0468 0300        DcomLaunch - ok
14:35:58.0515 0300        DFE528TX        (5e575ab625ed64c1b20517713201b3ee) C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
14:35:58.0546 0300        DFE528TX - ok
14:35:58.0578 0300        Dhcp            (7c4d218f9017725589adacab82beb0f8) C:\WINDOWS\System32\dhcpcsvc.dll
14:35:59.0062 0300        Dhcp - ok
14:35:59.0093 0300        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:35:59.0312 0300        Disk - ok
14:35:59.0328 0300        dmadmin - ok
14:35:59.0375 0300        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
14:35:59.0546 0300        dmboot - ok
14:35:59.0593 0300        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
14:35:59.0765 0300        dmio - ok
14:35:59.0781 0300        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:35:59.0921 0300        dmload - ok
14:35:59.0953 0300        dmserver        (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
14:36:00.0078 0300        dmserver - ok
14:36:00.0109 0300        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:36:00.0250 0300        DMusic - ok
14:36:00.0281 0300        Dnscache        (d20c5b5f0d8ac53ffec17ff9b1658a6e) C:\WINDOWS\System32\dnsrslvr.dll
14:36:00.0843 0300        Dnscache - ok
14:36:00.0968 0300        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:36:01.0125 0300        dpti2o - ok
14:36:01.0171 0300        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:36:01.0343 0300        drmkaud - ok
14:36:01.0375 0300        drvmcdb        (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys
14:36:01.0390 0300        drvmcdb ( UnsignedFile.Multi.Generic ) - warning
14:36:01.0390 0300        drvmcdb - detected UnsignedFile.Multi.Generic (1)
14:36:01.0421 0300        dvd_2K          (59c5c4e5fc942917401fdcff3d44882b) C:\WINDOWS\system32\drivers\dvd_2K.sys
14:36:01.0437 0300        dvd_2K ( UnsignedFile.Multi.Generic ) - warning
14:36:01.0437 0300        dvd_2K - detected UnsignedFile.Multi.Generic (1)
14:36:01.0484 0300        ERSvc          (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
14:36:01.0609 0300        ERSvc - ok
14:36:01.0640 0300        Eventlog        (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
14:36:01.0703 0300        Eventlog - ok
14:36:01.0734 0300        EventSystem    (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\system32\es.dll
14:36:01.0781 0300        EventSystem - ok
14:36:01.0812 0300        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:36:01.0937 0300        Fastfat - ok
14:36:01.0984 0300        FastUserSwitchingCompatibility (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
14:36:02.0359 0300        FastUserSwitchingCompatibility - ok
14:36:02.0390 0300        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:36:02.0531 0300        Fdc - ok
14:36:02.0578 0300        FILESpy - ok
14:36:02.0593 0300        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
14:36:02.0734 0300        Fips - ok
14:36:02.0765 0300        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:36:02.0875 0300        Flpydisk - ok
14:36:02.0921 0300        FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:36:03.0312 0300        FltMgr - ok
14:36:03.0593 0300        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:36:03.0593 0300        FontCache3.0.0.0 - ok
14:36:03.0640 0300        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:36:03.0765 0300        Fs_Rec - ok
14:36:03.0812 0300        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:36:03.0937 0300        Ftdisk - ok
14:36:03.0984 0300        GenericHidService (69202c049779ae09470370f163363f13) c:\APPS\HIDSERVICE\HIDSERVICE.exe
14:36:04.0000 0300        GenericHidService ( UnsignedFile.Multi.Generic ) - warning
14:36:04.0000 0300        GenericHidService - detected UnsignedFile.Multi.Generic (1)
14:36:04.0015 0300        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:36:04.0140 0300        Gpc - ok
14:36:04.0234 0300        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
14:36:04.0250 0300        gusvc - ok
14:36:04.0281 0300        HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
14:36:04.0296 0300        HdAudAddService - ok
14:36:04.0328 0300        HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:36:04.0343 0300        HDAudBus - ok
14:36:04.0375 0300        helpsvc        (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:36:04.0500 0300        helpsvc - ok
14:36:04.0515 0300        HidServ - ok
14:36:04.0562 0300        HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:36:04.0687 0300        HidUsb - ok
14:36:04.0734 0300        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:36:04.0859 0300        hpn - ok
14:36:05.0218 0300        HSFHWCD2        (ef9e6555ef2014edea8ec13ff7ff93ea) C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys
14:36:05.0312 0300        HSFHWCD2 - ok
14:36:05.0468 0300        HSF_DP          (ee84e96658adea5980bdf2b84d53e9b0) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:36:05.0640 0300        HSF_DP - ok
14:36:05.0843 0300        HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:36:05.0890 0300        HTTP - ok
14:36:05.0937 0300        HTTPFilter      (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
14:36:06.0109 0300        HTTPFilter - ok
14:36:06.0281 0300        i2omgmt        (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:36:06.0453 0300        i2omgmt - ok
14:36:06.0578 0300        i2omp          (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:36:06.0703 0300        i2omp - ok
14:36:06.0734 0300        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:36:06.0875 0300        i8042prt - ok
14:36:06.0937 0300        ICQ Service    (b1a28fa1afde10b95ff9354b15701d70) C:\Programme\ICQ6Toolbar\ICQ Service.exe
14:36:06.0953 0300        ICQ Service - ok
14:36:07.0015 0300        IDriverT        (6f95324909b502e2651442c1548ab12f) c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:36:07.0031 0300        IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:36:07.0031 0300        IDriverT - detected UnsignedFile.Multi.Generic (1)
14:36:07.0187 0300        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:36:07.0234 0300        idsvc - ok
14:36:07.0390 0300        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:36:07.0546 0300        Imapi - ok
14:36:07.0593 0300        ImapiService    (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe
14:36:07.0718 0300        ImapiService - ok
14:36:07.0765 0300        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:36:07.0890 0300        ini910u - ok
14:36:08.0015 0300        IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:36:08.0359 0300        IntcAzAudAddService - ok
14:36:08.0437 0300        IntelIde        (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:36:08.0578 0300        IntelIde - ok
14:36:08.0593 0300        intelppm        (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:36:08.0718 0300        intelppm - ok
14:36:08.0734 0300        Ip6Fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:36:08.0859 0300        Ip6Fw - ok
14:36:08.0875 0300        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:36:08.0984 0300        IpFilterDriver - ok
14:36:09.0000 0300        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:36:09.0125 0300        IpInIp - ok
14:36:09.0171 0300        IpNat          (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:36:09.0546 0300        IpNat - ok
14:36:09.0578 0300        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:36:09.0703 0300        IPSec - ok
14:36:09.0734 0300        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:36:09.0812 0300        IRENUM - ok
14:36:09.0843 0300        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:36:09.0968 0300        isapnp - ok
14:36:10.0000 0300        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:36:10.0125 0300        Kbdclass - ok
14:36:10.0156 0300        kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
14:36:10.0562 0300        kmixer - ok
14:36:10.0593 0300        KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
14:36:10.0671 0300        KSecDD - ok
14:36:10.0906 0300        lanmanserver    (2865fa4ed4471929881c053a6e5a85f6) C:\WINDOWS\System32\srvsvc.dll
14:36:11.0406 0300        lanmanserver - ok
14:36:11.0468 0300        lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll
14:36:11.0515 0300        lanmanworkstation - ok
14:36:11.0609 0300        Lavasoft Ad-Aware Service (6df2be94d712753fb8d87495469b5262) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
14:36:11.0687 0300        Lavasoft Ad-Aware Service - ok
14:36:11.0750 0300        Lbd            (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
14:36:11.0765 0300        Lbd - ok
14:36:12.0031 0300        lbrtfdc - ok
14:36:12.0093 0300        LmHosts        (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
14:36:12.0218 0300        LmHosts - ok
14:36:12.0296 0300        MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
14:36:12.0312 0300        MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
14:36:12.0312 0300        MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
14:36:12.0343 0300        mdmxsdk        (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:36:12.0390 0300        mdmxsdk - ok
14:36:12.0421 0300        Messenger      (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
14:36:12.0562 0300        Messenger - ok
14:36:12.0593 0300        MicNgBas        (d93b1dc33da8594faae299da3d8b1d5a) C:\WINDOWS\system32\drivers\MicNgBas.sys
14:36:12.0625 0300        MicNgBas - ok
14:36:12.0640 0300        MicNgCap        (16f0ef8e5322f6452f49e61eb795f5c3) C:\WINDOWS\system32\drivers\MicNgCap.sys
14:36:12.0656 0300        MicNgCap - ok
14:36:12.0671 0300        MicNgTun        (72c27c7d81ab88b30e060c99c93516ee) C:\WINDOWS\system32\drivers\MicNgTun.sys
14:36:12.0703 0300        MicNgTun - ok
14:36:12.0750 0300        MIINPazX        (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
14:36:12.0765 0300        MIINPazX ( UnsignedFile.Multi.Generic ) - warning
14:36:12.0765 0300        MIINPazX - detected UnsignedFile.Multi.Generic (1)
14:36:12.0796 0300        mmc_2K          (e89ff6ff46172d7f2435b287600e9cf9) C:\WINDOWS\system32\drivers\mmc_2K.sys
14:36:12.0812 0300        mmc_2K ( UnsignedFile.Multi.Generic ) - warning
14:36:12.0812 0300        mmc_2K - detected UnsignedFile.Multi.Generic (1)
14:36:12.0828 0300        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:36:13.0000 0300        mnmdd - ok
14:36:13.0031 0300        mnmsrvc        (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe
14:36:13.0156 0300        mnmsrvc - ok
14:36:13.0187 0300        Modem          (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
14:36:13.0312 0300        Modem - ok
14:36:13.0343 0300        MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:36:13.0468 0300        MODEMCSA - ok
14:36:13.0500 0300        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:36:13.0625 0300        Mouclass - ok
14:36:13.0656 0300        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:36:13.0781 0300        mouhid - ok
14:36:13.0796 0300        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:36:13.0921 0300        MountMgr - ok
14:36:13.0953 0300        MPE            (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:36:14.0093 0300        MPE - ok
14:36:14.0109 0300        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:36:14.0234 0300        mraid35x - ok
14:36:14.0265 0300        MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:36:14.0656 0300        MRxDAV - ok
14:36:14.0703 0300        MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:36:14.0750 0300        MRxSmb - ok
14:36:14.0781 0300        MSDTC          (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe
14:36:14.0906 0300        MSDTC - ok
14:36:14.0937 0300        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:36:15.0062 0300        Msfs - ok
14:36:15.0078 0300        MSIServer - ok
14:36:15.0125 0300        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:36:15.0234 0300        MSKSSRV - ok
14:36:15.0265 0300        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:36:15.0390 0300        MSPCLOCK - ok
14:36:15.0406 0300        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:36:15.0531 0300        MSPQM - ok
14:36:15.0562 0300        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:36:15.0703 0300        mssmbios - ok
14:36:15.0718 0300        MSTEE          (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:36:15.0875 0300        MSTEE - ok
14:36:15.0984 0300        MTOnlPktAlyX    (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
14:36:15.0984 0300        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
14:36:15.0984 0300        MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
14:36:16.0031 0300        Mup            (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:36:16.0156 0300        Mup - ok
14:36:16.0187 0300        MxlW2k          (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
14:36:16.0203 0300        MxlW2k ( UnsignedFile.Multi.Generic ) - warning
14:36:16.0203 0300        MxlW2k - detected UnsignedFile.Multi.Generic (1)
14:36:16.0265 0300        MZCCntrl        (5f9ba398f88fc8928ea6dbd5d144cfca) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
14:36:16.0265 0300        MZCCntrl ( UnsignedFile.Multi.Generic ) - warning
14:36:16.0265 0300        MZCCntrl - detected UnsignedFile.Multi.Generic (1)
14:36:16.0312 0300        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:36:16.0421 0300        NABTSFEC - ok
14:36:16.0453 0300        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:36:16.0593 0300        NDIS - ok
14:36:16.0609 0300        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:36:16.0734 0300        NdisIP - ok
14:36:16.0765 0300        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:36:16.0875 0300        NdisTapi - ok
14:36:16.0906 0300        Ndisuio        (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:36:17.0015 0300        Ndisuio - ok
14:36:17.0031 0300        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:36:17.0156 0300        NdisWan - ok
14:36:17.0171 0300        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:36:17.0296 0300        NDProxy - ok
14:36:17.0328 0300        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:36:17.0453 0300        NetBIOS - ok
14:36:17.0468 0300        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:36:17.0593 0300        NetBT - ok
14:36:17.0625 0300        NetDDE          (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
14:36:17.0781 0300        NetDDE - ok
14:36:17.0796 0300        NetDDEdsdm      (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
14:36:17.0921 0300        NetDDEdsdm - ok
14:36:17.0953 0300        Netlogon        (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
14:36:18.0078 0300        Netlogon - ok
14:36:18.0109 0300        Netman          (1e5218fbe323c375b488318950e10fb4) C:\WINDOWS\System32\netman.dll
14:36:18.0500 0300        Netman - ok
14:36:18.0609 0300        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:36:18.0625 0300        NetTcpPortSharing - ok
14:36:18.0656 0300        NIC1394        (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:36:18.0781 0300        NIC1394 - ok
14:36:18.0937 0300        NIHardwareService (f035afd5c9f4ec4a7f9b503d3b5c609e) C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
14:36:19.0125 0300        NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
14:36:19.0125 0300        NIHardwareService - detected UnsignedFile.Multi.Generic (1)
14:36:19.0187 0300        Nla            (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
14:36:19.0296 0300        Nla - ok
14:36:19.0328 0300        nm              (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
14:36:19.0453 0300        nm - ok
14:36:19.0468 0300        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:36:19.0609 0300        Npfs - ok
14:36:19.0640 0300        Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
14:36:20.0046 0300        Ntfs - ok
14:36:20.0078 0300        NtLmSsp        (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
14:36:20.0187 0300        NtLmSsp - ok
14:36:20.0218 0300        NtmsSvc        (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
14:36:20.0375 0300        NtmsSvc - ok
14:36:20.0390 0300        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:36:20.0515 0300        Null - ok
14:36:20.0546 0300        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:36:20.0656 0300        NwlnkFlt - ok
14:36:20.0687 0300        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:36:20.0796 0300        NwlnkFwd - ok
14:36:20.0843 0300        ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:36:20.0968 0300        ohci1394 - ok
14:36:21.0046 0300        omniserv        (053178fd2676d1a010e18303111be157) C:\Apps\Softex\OmniPass\Omniserv.exe
14:36:21.0046 0300        omniserv ( UnsignedFile.Multi.Generic ) - warning
14:36:21.0046 0300        omniserv - detected UnsignedFile.Multi.Generic (1)
14:36:21.0109 0300        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:36:21.0125 0300        ose - ok
14:36:21.0156 0300        Parport        (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
14:36:21.0281 0300        Parport - ok
14:36:21.0296 0300        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:36:21.0421 0300        PartMgr - ok
14:36:21.0437 0300        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:36:21.0578 0300        ParVdm - ok
14:36:21.0578 0300        PCI            (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
14:36:21.0703 0300        PCI - ok
14:36:21.0718 0300        PCIDump - ok
14:36:21.0734 0300        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:36:21.0859 0300        PCIIde - ok
14:36:21.0875 0300        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:36:22.0015 0300        Pcmcia - ok
14:36:22.0015 0300        PDCOMP - ok
14:36:22.0031 0300        PDFRAME - ok
14:36:22.0046 0300        PDRELI - ok
14:36:22.0062 0300        PDRFRAME - ok
14:36:22.0078 0300        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:36:22.0203 0300        perc2 - ok
14:36:22.0203 0300        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:36:22.0328 0300        perc2hib - ok
14:36:22.0390 0300        PlugPlay        (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
14:36:22.0453 0300        PlugPlay - ok
14:36:22.0484 0300        PolicyAgent    (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
14:36:22.0593 0300        PolicyAgent - ok
14:36:22.0609 0300        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:36:22.0734 0300        PptpMiniport - ok
14:36:22.0750 0300        Processor      (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
14:36:22.0875 0300        Processor - ok
14:36:22.0890 0300        ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
14:36:23.0015 0300        ProtectedStorage - ok
14:36:23.0031 0300        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:36:23.0156 0300        PSched - ok
14:36:23.0171 0300        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:36:23.0296 0300        Ptilink - ok
14:36:23.0328 0300        pwd_2k          (2ee02cfa70d35fbd61339fb26bc03a99) C:\WINDOWS\system32\drivers\pwd_2k.sys
14:36:23.0343 0300        pwd_2k ( UnsignedFile.Multi.Generic ) - warning
14:36:23.0343 0300        pwd_2k - detected UnsignedFile.Multi.Generic (1)
14:36:23.0375 0300        PxHelp20        (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:36:23.0390 0300        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:36:23.0390 0300        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:36:23.0406 0300        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:36:23.0531 0300        ql1080 - ok
14:36:23.0578 0300        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:36:23.0703 0300        Ql10wnt - ok
14:36:23.0718 0300        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:36:23.0843 0300        ql12160 - ok
14:36:23.0859 0300        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:36:23.0968 0300        ql1240 - ok
14:36:23.0984 0300        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:36:24.0109 0300        ql1280 - ok
14:36:24.0125 0300        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:36:24.0250 0300        RasAcd - ok
14:36:24.0281 0300        RasAuto        (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
14:36:24.0406 0300        RasAuto - ok
14:36:24.0421 0300        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:36:24.0546 0300        Rasl2tp - ok
14:36:24.0578 0300        RasMan          (3af4cab244f0db9aa8c157aa320cfb32) C:\WINDOWS\System32\rasmans.dll
14:36:24.0593 0300        RasMan ( UnsignedFile.Multi.Generic ) - warning
14:36:24.0593 0300        RasMan - detected UnsignedFile.Multi.Generic (1)
14:36:24.0593 0300        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:36:24.0734 0300        RasPppoe - ok
14:36:24.0750 0300        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:36:24.0875 0300        Raspti - ok
14:36:24.0906 0300        Rdbss          (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:36:25.0296 0300        Rdbss - ok
14:36:25.0312 0300        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:36:25.0437 0300        RDPCDD - ok
14:36:25.0468 0300        rdpdr          (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:36:25.0609 0300        rdpdr - ok
14:36:25.0656 0300        RDPWD          (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
14:36:26.0046 0300        RDPWD - ok
14:36:26.0078 0300        RDSessMgr      (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
14:36:26.0218 0300        RDSessMgr - ok
14:36:26.0250 0300        redbook        (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:36:26.0359 0300        redbook - ok
14:36:26.0421 0300        REGSpy - ok
14:36:26.0468 0300        RemoteAccess    (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
14:36:26.0593 0300        RemoteAccess - ok
14:36:26.0671 0300        RoxLiveShare    (74057e362fe7291ac5ce0427b8233b54) C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe
14:36:26.0703 0300        RoxLiveShare ( UnsignedFile.Multi.Generic ) - warning
14:36:26.0703 0300        RoxLiveShare - detected UnsignedFile.Multi.Generic (1)
14:36:26.0734 0300        RoxMediaDB      (9121627cb84e5815d90e4546eac8eb4d) C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
14:36:26.0796 0300        RoxMediaDB ( UnsignedFile.Multi.Generic ) - warning
14:36:26.0796 0300        RoxMediaDB - detected UnsignedFile.Multi.Generic (1)
14:36:26.0828 0300        RoxUPnPRenderer (87be7dfbea24296688a967040785b9d5) C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
14:36:26.0843 0300        RoxUPnPRenderer ( UnsignedFile.Multi.Generic ) - warning
14:36:26.0843 0300        RoxUPnPRenderer - detected UnsignedFile.Multi.Generic (1)
14:36:26.0890 0300        RoxUpnpServer  (ee57e062de46c8fd7fc4c2efe18040f5) C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe
14:36:26.0906 0300        RoxUpnpServer ( UnsignedFile.Multi.Generic ) - warning
14:36:26.0906 0300        RoxUpnpServer - detected UnsignedFile.Multi.Generic (1)
14:36:26.0937 0300        RoxWatch        (d0fd4a43304e478f2e36d47a47d47fc3) C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
14:36:26.0953 0300        RoxWatch ( UnsignedFile.Multi.Generic ) - warning
14:36:26.0953 0300        RoxWatch - detected UnsignedFile.Multi.Generic (1)
14:36:27.0015 0300        RpcLocator      (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe
14:36:27.0125 0300        RpcLocator - ok
14:36:27.0187 0300        RpcSs          (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\System32\rpcss.dll
14:36:27.0265 0300        RpcSs - ok
14:36:27.0328 0300        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
14:36:27.0453 0300        RSVP - ok
14:36:27.0484 0300        RTL8023        (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
14:36:27.0531 0300        RTL8023 - ok
14:36:27.0546 0300        RxFilter        (40af180d92f6bd764a5c8df0ba33f10d) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
14:36:27.0562 0300        RxFilter ( UnsignedFile.Multi.Generic ) - warning
14:36:27.0562 0300        RxFilter - detected UnsignedFile.Multi.Generic (1)
14:36:27.0593 0300        SamSs          (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
14:36:27.0718 0300        SamSs - ok
14:36:27.0765 0300        SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
14:36:27.0781 0300        SASDIFSV - ok
14:36:27.0796 0300        SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
14:36:27.0796 0300        SASKUTIL - ok
14:36:27.0843 0300        SCardSvr        (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
14:36:28.0000 0300        SCardSvr - ok
14:36:28.0046 0300        Schedule        (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
14:36:28.0171 0300        Schedule - ok
14:36:28.0218 0300        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:36:28.0609 0300        Secdrv - ok
14:36:28.0656 0300        seclogon        (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
14:36:28.0781 0300        seclogon - ok
14:36:28.0796 0300        SENS            (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
14:36:28.0921 0300        SENS - ok
14:36:28.0968 0300        Serenum        (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:36:29.0093 0300        Serenum - ok
14:36:29.0109 0300        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
14:36:29.0234 0300        Serial - ok
14:36:29.0281 0300        sfdrv01        (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
14:36:29.0296 0300        sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
14:36:29.0296 0300        sfdrv01 - detected UnsignedFile.Multi.Generic (1)
14:36:29.0296 0300        sfhlp02        (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
14:36:29.0312 0300        sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
14:36:29.0312 0300        sfhlp02 - detected UnsignedFile.Multi.Generic (1)
14:36:29.0328 0300        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:36:29.0453 0300        Sfloppy - ok
14:36:29.0468 0300        sfsync02        (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
14:36:29.0500 0300        sfsync02 ( UnsignedFile.Multi.Generic ) - warning
14:36:29.0500 0300        sfsync02 - detected UnsignedFile.Multi.Generic (1)
14:36:29.0515 0300        SharedAccess    (0d6f71d7414cd3aeaf44a0673a88720f) C:\WINDOWS\System32\ipnathlp.dll
14:36:29.0906 0300        SharedAccess - ok
14:36:29.0953 0300        ShellHWDetection (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
14:36:30.0328 0300        ShellHWDetection - ok
14:36:30.0375 0300        Simbad - ok
14:36:30.0406 0300        sisagp          (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:36:30.0546 0300        sisagp - ok
14:36:30.0578 0300        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:36:30.0703 0300        SLIP - ok
14:36:30.0718 0300        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:36:30.0796 0300        Sparrow - ok
14:36:30.0828 0300        splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
14:36:31.0203 0300        splitter - ok
14:36:31.0265 0300        Spooler        (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
14:36:31.0656 0300        Spooler - ok
14:36:31.0671 0300        sptd - ok
14:36:31.0703 0300        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
14:36:31.0796 0300        sr - ok
14:36:31.0828 0300        srservice      (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll
14:36:31.0953 0300        srservice - ok
14:36:31.0984 0300        Srv            (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
14:36:32.0031 0300        Srv - ok
14:36:32.0062 0300        SSDPSRV        (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
14:36:32.0140 0300        SSDPSRV - ok
14:36:32.0171 0300        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:36:32.0171 0300        ssmdrv - ok
14:36:32.0203 0300        stisvc          (25e9b30af1fa1b9af1853577f39ff20b) C:\WINDOWS\system32\wiaservc.dll
14:36:32.0593 0300        stisvc - ok
14:36:32.0640 0300        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:36:32.0781 0300        streamip - ok
14:36:32.0796 0300        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:36:32.0921 0300        swenum - ok
14:36:32.0953 0300        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:36:33.0078 0300        swmidi - ok
14:36:33.0093 0300        SwPrv - ok
14:36:33.0125 0300        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:36:33.0250 0300        symc810 - ok
14:36:33.0265 0300        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:36:33.0390 0300        symc8xx - ok
14:36:33.0406 0300        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:36:33.0531 0300        sym_hi - ok
14:36:33.0546 0300        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:36:33.0656 0300        sym_u3 - ok
14:36:33.0687 0300        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:36:33.0812 0300        sysaudio - ok
14:36:33.0843 0300        SysmonLog      (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
14:36:33.0984 0300        SysmonLog - ok
14:36:34.0031 0300        TapiSrv        (427d7eb3b453347082c8f4b370065d60) C:\WINDOWS\System32\tapisrv.dll
14:36:34.0421 0300        TapiSrv - ok
14:36:34.0484 0300        Tcpip          (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:36:34.0546 0300        Tcpip - ok
14:36:34.0578 0300        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:36:34.0734 0300        TDPIPE - ok
14:36:34.0750 0300        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:36:34.0875 0300        TDTCP - ok
14:36:34.0906 0300        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:36:35.0015 0300        TermDD - ok
14:36:35.0062 0300        TermService    (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
14:36:35.0203 0300        TermService - ok
14:36:35.0234 0300        Themes          (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
14:36:35.0625 0300        Themes - ok
14:36:35.0671 0300        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
14:36:35.0781 0300        TosIde - ok
14:36:35.0812 0300        TrkWks          (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
14:36:35.0937 0300        TrkWks - ok
14:36:35.0968 0300        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:36:36.0093 0300        Udfs - ok
14:36:36.0093 0300        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:36:36.0171 0300        ultra - ok
14:36:36.0203 0300        Update          (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
14:36:36.0593 0300        Update - ok
14:36:36.0640 0300        upnphost        (855790c1baced245a6b210af430ed17b) C:\WINDOWS\System32\upnphost.dll
14:36:37.0031 0300        upnphost - ok
14:36:37.0078 0300        UPS            (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
14:36:37.0203 0300        UPS - ok
14:36:37.0234 0300        usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
14:36:37.0359 0300        usbaudio - ok
14:36:37.0375 0300        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:36:37.0500 0300        usbccgp - ok
14:36:37.0531 0300        usbehci        (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:36:37.0656 0300        usbehci - ok
14:36:37.0671 0300        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:36:37.0796 0300        usbhub - ok
14:36:37.0812 0300        usbohci        (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:36:37.0937 0300        usbohci - ok
14:36:37.0968 0300        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:36:38.0109 0300        USBSTOR - ok
14:36:38.0140 0300        usbuhci        (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:36:38.0265 0300        usbuhci - ok
14:36:38.0281 0300        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:36:38.0406 0300        VgaSave - ok
14:36:38.0421 0300        viaagp          (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:36:38.0546 0300        viaagp - ok
14:36:38.0562 0300        ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:36:38.0703 0300        ViaIde - ok
14:36:38.0703 0300        VolSnap        (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
14:36:38.0843 0300        VolSnap - ok
14:36:38.0890 0300        VSS            (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
14:36:38.0968 0300        VSS - ok
14:36:39.0000 0300        W32Time        (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
14:36:39.0125 0300        W32Time - ok
14:36:39.0140 0300        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:36:39.0281 0300        Wanarp - ok
14:36:39.0296 0300        wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:36:39.0328 0300        wanatw - ok
14:36:39.0328 0300        WDICA - ok
14:36:39.0359 0300        wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
14:36:39.0750 0300        wdmaud - ok
14:36:39.0781 0300        WebClient      (879ecb9a5f14a03960b84edb7207a051) C:\WINDOWS\System32\webclnt.dll
14:36:40.0171 0300        WebClient - ok
14:36:40.0218 0300        winachsf        (6a20da7762188e16e7359aa4060a3ade) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:36:40.0296 0300        winachsf - ok
14:36:40.0375 0300        winmgmt        (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:36:40.0500 0300        winmgmt - ok
14:36:40.0546 0300        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:36:40.0609 0300        WmdmPmSN - ok
14:36:40.0640 0300        WmiApSrv        (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:36:40.0765 0300        WmiApSrv - ok
14:36:40.0843 0300        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
14:36:40.0890 0300        WMPNetworkSvc - ok
14:36:40.0984 0300        wscsvc          (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
14:36:41.0125 0300        wscsvc - ok
14:36:41.0156 0300        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:36:41.0281 0300        WSTCODEC - ok
14:36:41.0312 0300        wuauserv        (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
14:36:41.0437 0300        wuauserv - ok
14:36:41.0468 0300        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:36:41.0500 0300        WudfPf - ok
14:36:41.0515 0300        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:36:41.0562 0300        WudfRd - ok
14:36:41.0593 0300        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:36:41.0609 0300        WudfSvc - ok
14:36:41.0656 0300        WZCSVC          (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
14:36:41.0781 0300        WZCSVC - ok
14:36:41.0812 0300        xmlprov        (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
14:36:41.0937 0300        xmlprov - ok
14:36:41.0984 0300        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:36:42.0187 0300        \Device\Harddisk0\DR0 - ok
14:36:42.0187 0300        Boot (0x1200)  (9f0f9dd987aeaadf7b290e54290973a2) \Device\Harddisk0\DR0\Partition0
14:36:42.0187 0300        \Device\Harddisk0\DR0\Partition0 - ok
14:36:42.0218 0300        Boot (0x1200)  (ee3962dc41b0a17ae1d9e4b6cebb0355) \Device\Harddisk0\DR0\Partition1
14:36:42.0218 0300        \Device\Harddisk0\DR0\Partition1 - ok
14:36:42.0218 0300        ============================================================
14:36:42.0218 0300        Scan finished
14:36:42.0218 0300        ============================================================
14:36:42.0343 3444        Detected object count: 32
14:36:42.0343 3444        Actual detected object count: 32


cosinus 23.03.2012 21:38

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and any other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

spinclub 26.03.2012 17:18

Hi, here is the ComboFix log:

Combofix Logfile:

ComboFix 12-03-26.02 - David 26.03.2012  17:53:21.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.1023.436 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\David\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\unin0407.exe
d:\dokume~1\David\LOKALE~1\Temp\tmp4.tmp
d:\dokumente und einstellungen\All Users\Anwendungsdaten\DragToDiscUserNameF.txt
d:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
d:\dokumente und einstellungen\David\Lokale Einstellungen\Temp\tmp4.tmp
d:\dokumente und einstellungen\David\WINDOWS
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-26 bis 2012-03-26  ))))))))))))))))))))))))))))))
.
.
2012-03-26 16:04 . 2012-03-26 16:04        1078502        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2012-03-26 15:46 . 2012-03-26 15:47        --------        d-----w-        C:\cofi
2012-03-21 11:16 . 2012-03-21 11:16        --------        d-----w-        c:\programme\ESET
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 13:57 . 2012-01-25 13:57        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
"ICQ"="c:\programme\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"PCMService"="c:\programme\CyberLink\PowerCinema\PCMService.exe" [2005-08-23 139264]
"RoxWatchTray"="c:\programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-11 163840]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"MMTray"="c:\programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-06-03 90112]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2005-12-20 98304]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-12-20 180269]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21        548352        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2005-08-12 16:01        49152        ----a-w-        c:\apps\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43        69632        ----a-w-        c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 13:00        208952        ----a-w-        c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2002-06-03 18:20        90112        ----a-w-        c:\programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12        3872080        ----a-w-        c:\programme\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2005-08-12 17:05        1859584        ----a-w-        c:\apps\Softex\OmniPass\scureapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 13:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 13:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-12-20 07:32        98304        ----a-w-        c:\programme\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-10-10 23:54        1687552        ----a-w-        c:\programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-20 07:35        180269        ----a-w-        c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\Ahead\\SIPPS\\SIPPS.exe"=
"%ProgramFiles%\\sipgate X-Lite\\sipgateXLite.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Roxio\\WinOnCD 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis2\\profilemgr.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.02.2010 15:57 64288]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [30.04.2006 21:45 11264]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.02.2010 15:25 108289]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [16.07.2009 12:02 247096]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [26.08.2008 10:16 61440]
R2 NIHardwareService;NIHardwareService;c:\programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe [08.12.2009 20:26 3616768]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [29.02.2008 19:19 45568]
R3 MicNgBas;Cinergy Dual T PCIe Base Driver;c:\windows\system32\drivers\MicNgBas.sys [20.12.2005 09:19 44544]
R3 MicNgCap;Cinergy Dual T PCIe Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [20.12.2005 09:19 49792]
R3 MicNgTun;Cinergy Dual T PCIe Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [20.12.2005 09:19 103424]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1355968]
S3 a2djavs;a2djavs;c:\windows\system32\drivers\a2djavs.sys [04.05.2010 11:39 35216]
S3 a2djusb;a2djusb;c:\windows\system32\drivers\a2djusb.sys [04.05.2010 11:41 226576]
S3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\drivers\avmunet.sys [17.01.2006 14:44 15104]
S3 FILESpy;FILESpy;\??\c:\programme\Softwin\BitDefender8\filespy.sys --> c:\programme\Softwin\BitDefender8\filespy.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [02.01.2006 22:33 201728]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [26.08.2008 10:16 17280]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [26.08.2008 10:16 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [26.08.2008 10:15 17536]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 12:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mLocal Page =
mStart Page =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://dfgfile.com/online_games/DinerDash/DinerDash.1.0.0.58.cab
FF - ProfilePath - d:\dokumente und einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\d52wzkdt.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Bertelsmann Discovery 2000 OEM1 - c:\windows\IsUn0407.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-MUSICMATCH Jukebox - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-26 18:02
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  MMTray = c:\programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?????w???gx???V??gx???SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????g?RY??QY????????gz???2???????????8???? @??%X??%X?????????????????x?Y???????Q?????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\apps\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Roxio\WinOnCD 8\Drag to Disc\Shellex.dll
c:\programme\Roxio\WinOnCD 8\Drag to Disc\Shellex.LOC
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\apps\Softex\OmniPass\Omniserv.exe
c:\programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE
c:\programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\kernel.exe
c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\sc_watch.exe
c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
c:\progra~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-26  18:10:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-26 16:10
ComboFix2.txt  2011-03-01 15:16
.
Vor Suchlauf: 2.495.758.336 Bytes frei
Nach Suchlauf: 2.513.252.352 Bytes frei
.
- - End Of File - - F7804E1976D0F3AEAC63661A29E13AD1

--- --- ---

cosinus 26.03.2012 18:34

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide).
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: do not press any of the Fix buttons without instruction.

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


spinclub 27.03.2012 14:14

Here is the GMER log

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-27 15:11:02
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250823AS rev.3.03
Running: khdmwdx0.exe; Driver: D:\DOKUME~1\David\LOKALE~1\Temp\pfrdrkob.sys


---- System - GMER 1.0.15 ----

SSDT    F7CF927E                                                                                                  ZwCreateKey
SSDT    F7CF9274                                                                                                  ZwCreateThread
SSDT    F7CF9283                                                                                                  ZwDeleteKey
SSDT    F7CF928D                                                                                                  ZwDeleteValueKey
SSDT    F7CF9292                                                                                                  ZwLoadKey
SSDT    F7CF9260                                                                                                  ZwOpenProcess
SSDT    F7CF9265                                                                                                  ZwOpenThread
SSDT    F7CF929C                                                                                                  ZwReplaceKey
SSDT    F7CF9297                                                                                                  ZwRestoreKey
SSDT    F7CF9288                                                                                                  ZwSetValueKey
SSDT    \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xEE03E620]

---- Devices - GMER 1.0.15 ----

Device  \Driver\USBSTOR \Device\000000a6                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\USBSTOR \Device\000000a7                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\USBSTOR \Device\000000a8                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\USBSTOR \Device\000000a9                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\USBSTOR \Device\000000aa                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)     
Reg    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                            0
Reg    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                        0x55 0x02 0x1E 0x2B ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)     
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                            0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                        0x55 0x02 0x1E 0x2B ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                         
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                        0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                    0x55 0x02 0x1E 0x2B ...
Reg    HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)     
Reg    HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                            0
Reg    HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                        0x55 0x02 0x1E 0x2B ...

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:32:11 on 27.03.2012

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.2180

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Weekly).job" - "Lavasoft                                                              " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl
"Bdeadmin.cpl" - ? - C:\WINDOWS\system32\Bdeadmin.cpl
"CMDVDPak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\CMDVDPak.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"scurecpl.cpl" - "Softex, Inc" - C:\WINDOWS\system32\scurecpl.cpl
"SETUPPC.CPL" - "NEC Computers International" - C:\WINDOWS\system32\SETUPPC.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a2djavs" (a2djavs) - "Native Instruments GmbH" - C:\WINDOWS\System32\Drivers\a2djavs.sys
"a2djusb" (a2djusb) - "Native Instruments GmbH" - C:\WINDOWS\System32\Drivers\a2djusb.sys
"Asapi" (Asapi) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\drivers\Asapi.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"BDFsDrv" (BDFsDrv) - ? - C:\Programme\Softwin\BitDefender8\bdfsdrv.sys  (File not found)
"BDRsDrv" (BDRsDrv) - ? - C:\Programme\Softwin\BitDefender8\bdrsdrv.sys  (File not found)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"cdudf_xp" (cdudf_xp) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\cdudf_xp.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys
"dvd_2K" (dvd_2K) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\dvd_2K.sys
"FILESpy" (FILESpy) - ? - C:\Programme\Softwin\BitDefender8\filespy.sys  (File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"mmc_2K" (mmc_2K) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\mmc_2K.sys
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pfrdrkob" (pfrdrkob) - ? - D:\DOKUME~1\David\LOKALE~1\Temp\pfrdrkob.sys  (Hidden registry entry, rootkit activity | File not found)
"pwd_2k" (pwd_2k) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\pwd_2k.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"REGSpy" (REGSpy) - ? - C:\Programme\Softwin\BitDefender8\regspy.sys  (File not found)
"RxFilter" (RxFilter) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\RxFilter.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"sptd" (sptd) - ? - C:\WINDOWS\System32\Drivers\sptd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} "BitDefender Antivirus v8" - ? -  (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? -  (File not found | COM-object registry key not found)
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Sonic Solutions" - C:\Programme\Roxio\WinOnCD 8\Drag to Disc\Shellex.dll
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} "RXDCExtShlExt extension" - ? - C:\Programme\Roxio\WinOnCD 8\Virtual Drive\DC_ShellExt.dll  (File found, but it contains no detailed information)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
{D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Apps\Softex\OmniPass\opfolderext.dll
{D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Apps\Softex\OmniPass\opfolderext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} "CPlayFirstDinerDashControl Object" - "PlayFirst, Inc." - C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58.dll / hxxp://dfgfile.com/online_games/DinerDash/DinerDash.1.0.0.58.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.5.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{31435657-9980-0010-8000-00AA00389B71} "{31435657-9980-0010-8000-00AA00389B71}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\David\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.2\ICQ.exe" silent loginmode=4
"InfoCockpit" - "Deutsche Telekom AG, T-Com" - C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATICCC" - "ATI Technologies Inc." - "c:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"MMTray" - "MUSICMATCH, Inc." - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"PCMService" - "CyberLink Corp." - "C:\Programme\CyberLink\PowerCinema\PCMService.exe"
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"RoxWatchTray" - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
"Generic Service for HID Keyboard Input Collections" (GenericHidService) - ? - c:\APPS\HIDSERVICE\HIDSERVICE.exe  (File found, but it contains no detailed information)
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"LiveShare P2P Server" (RoxLiveShare) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"RAS-Verbindungsverwaltung" (RasMan) - "Microsoft Corporation" - C:\WINDOWS\System32\rasmans.dll
"Roxio Hard Drive Watcher" (RoxWatch) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
"RoxMediaDB" (RoxMediaDB) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
"RoxUpnpRenderer" (RoxUPnPRenderer) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
"RoxUpnpServer" (RoxUpnpServer) - "Sonic Solutions" - C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe
"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Apps\Softex\OmniPass\Omniserv.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
"OPXPGina" - ? - C:\Apps\Softex\OmniPass\opxpgina.dll  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 27.03.2012 14:35

What about aswMBR?

spinclub 27.03.2012 15:40

Here comes aswMBR ;)

Code:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 16:18:22
-----------------------------
16:18:22.421    OS Version: Windows 5.1.2600 Service Pack 2
16:18:22.421    Number of processors: 2 586 0x409
16:18:22.421    ComputerName: SN112093730310  UserName: David
16:18:23.312    Initialize success
16:18:32.812    AVAST engine defs: 12032701
16:18:35.531    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:18:35.531    Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
16:18:35.546    Disk 0 MBR read successfully
16:18:35.546    Disk 0 MBR scan
16:18:35.593    Disk 0 Windows XP default MBR code
16:18:35.609    Disk 0 Partition 1 00    17 Hidd HPFS/NTFS NTFS        4000 MB offset 63
16:18:35.625    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        30710 MB offset 8193150
16:18:35.640    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      203754 MB offset 71087625
16:18:35.656    Disk 0 scanning sectors +488376000
16:18:35.750    Disk 0 scanning C:\WINDOWS\system32\drivers
16:18:43.843    Service scanning
16:18:59.218    Modules scanning
16:19:05.546    Disk 0 trace - called modules:
16:19:05.578    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
16:19:05.593    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8737bab8]
16:19:05.593    3 CLASSPNP.SYS[f76ac05b] -> nt!IofCallDriver -> \Device\00000099[0x8738a1e0]
16:19:05.609    5 ACPI.sys[f74b1620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87389940]
16:19:05.609    \Driver\atapi[0x8738ac28] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf75fc8b4]
16:19:05.734    AVAST engine scan C:\WINDOWS
16:19:14.093    AVAST engine scan C:\WINDOWS\system32
16:21:55.375    AVAST engine scan C:\WINDOWS\system32\drivers
16:22:12.328    AVAST engine scan D:\Dokumente und Einstellungen\David
16:27:57.203    File: D:\Dokumente und Einstellungen\David\Lokale Einstellungen\Temp\_av4_\data\aswar0.dll  **INFECTED** Win32:Malware-gen
16:27:57.671    File: D:\Dokumente und Einstellungen\David\Lokale Einstellungen\Temp\_av4_\data\updldr0.bin  **INFECTED** Win32:Malware-gen
16:28:23.390    AVAST engine scan D:\Dokumente und Einstellungen\All Users
16:30:55.656    Scan finished successfully
16:38:18.062    Disk 0 MBR has been saved successfully to "D:\Dokumente und Einstellungen\David\Desktop\MBR.dat"
16:38:18.078    The log file has been saved successfully to "D:\Dokumente und Einstellungen\David\Desktop\aswMBR.txt"


16:39:22.265    Disk 0 MBR has been saved successfully to "D:\Dokumente und Einstellungen\David\Desktop\MBR.dat"
16:39:22.281    The log file has been saved successfully to "D:\Dokumente und Einstellungen\David\Desktop\aswMBR.txt"



All times are GMT +1.

Copyright ©2000-2025, Trojaner-Board

