Trojaner-Board


olli74 21.05.2012 21:35

Help, I have several IEXPLORER processes and Explorer is slow, PC constantly overloaded

Hello everyone,

my PC is currently damn slow on the Internet. With every new web search I get 100 % system load.
In Task Manager there are 5 IEXPLORER processes and 7 SVChost.exe processes, and the process DTUpdate.exe keeps reappearing. In total 37 processes are running. Whenever a new browser window opens, Babylon Search comes up.
After a scan with Malwarebytes I had 37 infected files. The following files are attached: the log from Malwarebytes and zipped logs from defogger, DDS and GMER; unzipped ones from Malwarebytes and HijackThis.
I deleted all the viruses with MBAM after they were found.

Maybe someone here can please help me get my computer back into shape.

Thank you in advance.
P.S.: This is my first real infection.
Software: XP, virus scanner AVAST, daily update :-)

Regards, Oliver

cosinus 22.05.2012 13:57

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything in CODE tags here where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

olli74 24.05.2012 06:01

Hello Cosinus,

Thanks already for your instructions; I carried them out as described above.
Here is the log from MBAM:

Code:

  Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
olli :: ZWOCKEL-YJLBCL5 [Administrator]

23.05.2012 19:30:04
mbam-log-2012-05-23 (19-30-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 292579
Laufzeit: 1 Stunde(n), 52 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Daten: cf4a3a30dcccc82a7755e5f35ad4cdfd -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Daten: 149 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Programme\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
D:\SoftonicDownloader_fuer_exact-audio-copy.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\I Want This\I Want This.ini (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\I Want This\fb.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\I Want This\I Want This.ico (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\I Want This\jquery.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\I Want This\json.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Attached is the log file from Eset:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2d4c51b2f8f6414aa8ed36e7550cbcc3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 10:34:22
# local_time=2012-05-24 12:34:22 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 58961440 58961440 0 0
# compatibility_mode=8192 67108863 100 0 352 352 0 0
# scanned=105684
# found=6
# cleaned=0
# scan_time=10253
C:\Dokumente und Einstellungen\olli\Desktop\Olli\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\RECYCLER\S-1-5-21-823518204-2052111302-725345543-1004\Dc1\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\RECYCLER\S-1-5-21-823518204-2052111302-725345543-1004\Dc37\MyBabylonTB.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\RECYCLER\S-1-5-21-823518204-2052111302-725345543-1004\Dc44\MyBabylonTB.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\WINDOWS\win2.bat        Win32/Agent.CWS trojan (unable to clean)        00000000000000000000000000000000        I



Right, now I have to go to work, after already sitting at this until 1:00 a.m. last night. :killpc:

Thanks in advance to all the specialists for your effort.
Have a nice day; until this evening. :rolleyes:
Regards, Oliver

olli74 24.05.2012 06:05

Sorry, double post

cosinus 24.05.2012 21:12

Quote:

D:\SoftonicDownloader_fuer_exact-audio-copy.exe

Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In a pinch, chip.de would of course do.

Please make a new OTL log. Please post everything in CODE tags here where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it on your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


olli74 25.05.2012 17:40

Hello Cosinus,

Attached is the latest log from OTL; I hope you pros can make something of it.

Code:

OTL Extras logfile created on: 25.05.2012 17:41:53 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 81,53% Memory free
2,60 Gb Paging File | 2,41 Gb Available in Paging File | 92,58% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 2,38 Gb Free Space | 16,27% Space Free | Partition Type: NTFS
Drive D: | 59,87 Gb Total Space | 20,51 Gb Free Space | 34,25% Space Free | Partition Type: NTFS
 
Computer Name: ZWOCKEL-YJLBCL5 | User Name: olli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Dokumente und Einstellungen\olli\Desktop\onlinefotoservice\CEWE FOTOSCHAU.exe" -d "%1"
Directory [Digital Photo Professional] -- D:\Programme\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Dokumente und Einstellungen\olli\Desktop\onlinefotoservice\OnlineFotoservice.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\T-Online\T-Online_Software_6\Internet-Telefon\Phone.exe" = C:\Programme\T-Online\T-Online_Software_6\Internet-Telefon\Phone.exe:*:Enabled:Internet-Telefon
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2FDC2A3-77C8-4F65-9484-4AE6A9EA0B62}" = pdfforge Toolbar v5.7
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"avast" = avast! Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"C-Media Audio" = C-Media Audio
"DefaultTab" = DefaultTab
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OnlineFotoservice" = OnlineFotoservice
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"Power Tab Editor 1.7" = Power Tab Editor 1.7
"SiS7002" = USB EHCI Driver
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 19.07.2009 04:09:23 | Computer Name = ZWOCKEL-YJLBCL5 | Source = avast! | ID = 33554522
Description =
 
Error - 06.11.2009 03:24:33 | Computer Name = ZWOCKEL-YJLBCL5 | Source = avast! | ID = 33554522
Description =
 
[ Application Events ]
Error - 30.03.2012 15:47:41 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 1993019161.
 
Error - 03.04.2012 02:10:32 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul msxml3.dll, Version 8.100.1052.0, Fehleradresse 0x000a1425.
 
Error - 04.04.2012 08:39:08 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mail.exe, Version 6.5.0.2, fehlgeschlagenes
 Modul mail.exe, Version 6.5.0.2, Fehleradresse 0x00256cfb.
 
Error - 04.04.2012 08:39:17 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
 
Error - 12.04.2012 14:47:45 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul msxml3.dll, Version 8.100.1052.0, Fehleradresse 0x000a1425.
 
Error - 29.04.2012 05:30:04 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nero.exe, Version 5.5.9.9, fehlgeschlagenes
 Modul nero.exe, Version 5.5.9.9, Fehleradresse 0x000518d1.
 
Error - 21.05.2012 09:04:21 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul msxml3.dll, Version 8.100.1052.0, Fehleradresse 0x000a1425.
 
Error - 21.05.2012 09:11:07 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 1993019161.
 
Error - 22.05.2012 17:01:21 | Computer Name = ZWOCKEL-YJLBCL5 | Source = MZCCntrl | ID = 114
Description = The zero config could not be stopped on initial start.
 
Error - 22.05.2012 17:01:31 | Computer Name = ZWOCKEL-YJLBCL5 | Source = MZCCntrl | ID = 114
Description = The zero config could not be stopped on initial start.
 
[ System Events ]
Error - 15.05.2012 01:38:10 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 15.05.2012 01:38:11 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 21.05.2012 15:38:02 | Computer Name = ZWOCKEL-YJLBCL5 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 21.05.2012 15:38:06 | Computer Name = ZWOCKEL-YJLBCL5 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 21.05.2012 15:43:20 | Computer Name = ZWOCKEL-YJLBCL5 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 21.05.2012 15:44:39 | Computer Name = ZWOCKEL-YJLBCL5 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 22.05.2012 07:49:56 | Computer Name = ZWOCKEL-YJLBCL5 | Source = DCOM | ID = 10010
Description = Der Server "{E225E692-4B47-4777-9BED-4FD7FE257F0E}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 22.05.2012 17:02:28 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst WZCSVC.
 
Error - 23.05.2012 15:26:37 | Computer Name = ZWOCKEL-YJLBCL5 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 23.05.2012 15:27:56 | Computer Name = ZWOCKEL-YJLBCL5 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  PCIIde
 
 
< End of report >

And now the OTL log:
Code:

OTL logfile created on: 25.05.2012 17:41:53 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 81,53% Memory free
2,60 Gb Paging File | 2,41 Gb Available in Paging File | 92,58% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 2,38 Gb Free Space | 16,27% Space Free | Partition Type: NTFS
Drive D: | 59,87 Gb Total Space | 20,51 Gb Free Space | 34,25% Space Free | Partition Type: NTFS
 
Computer Name: ZWOCKEL-YJLBCL5 | User Name: olli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.16 18:25:46 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.05.16 18:16:50 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012.05.07 21:17:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme\OTL.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2003.06.17 18:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.25 10:42:12 | 001,762,304 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12052500\algo.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2007.08.21 14:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.16 18:16:50 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.09.23 17:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Adapter | Disabled | Unknown] -- C:\Programme\Reserve Speicher\MMsMpEng.exe -- (WinDefend)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\olli\LOKALE~1\Temp\kwwalpgr.sys -- (kwwalpgr)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.07.15 23:16:10 | 000,005,311 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- c:\huadio.tmp -- (autorun)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2002.08.20 11:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002.07.30 10:46:28 | 000,005,760 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)
DRV - [2002.07.10 17:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002.05.28 10:21:10 | 000,048,896 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2000.10.25 14:27:24 | 000,003,000 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE337
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Programme\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
[2009.12.29 11:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2002.08.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] "C:\Windows\svschost-xx.exe" /min File not found
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\svschost-xx.exe /auto File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] "C:\Programme\Windows-Defender\svschost-xx.exe" /min File not found
O4 - HKU\S-1-5-21-823518204-2052111302-725345543-1004..\Run: [BD] "C:\Windows\svschost-xx.exe" /min File not found
O4 - HKU\S-1-5-21-823518204-2052111302-725345543-1004..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-823518204-2052111302-725345543-1004..\Run: [UpData]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247694087031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247694076281 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{602BF78B-AA1B-4875-A282-18BD73AC73DF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.15 23:09:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 21:37:41 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.05.23 19:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.05.22 13:19:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012.05.21 22:00:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.05.21 22:00:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\7-Zip
[2012.05.21 22:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Neuer Ordner
[2012.05.20 13:56:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\olli\Startmenü\Programme\Verwaltung
[2012.05.19 13:05:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Search Settings
[2012.05.19 13:04:52 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012.05.19 13:04:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2012.05.19 13:04:51 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2012.05.14 21:07:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.05.14 21:07:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.14 21:07:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.05.12 14:48:22 | 000,000,000 | ---D | C] -- C:\Programme\Free Offers from Freeze.com
[2012.05.12 14:48:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab
[2012.05.08 21:12:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012.05.07 22:58:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme
[2012.05.07 22:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Desktop\Gartenideen
[2012.05.07 21:45:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Malwarebytes
[2012.05.07 21:45:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.05.06 13:29:49 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2012.05.06 13:24:33 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2012.05.04 06:51:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Canon Utilities
[2012.05.04 06:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CANON INC
[2011.12.07 23:18:58 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Programme\IE8-WindowsXP-x86-DEU.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.25 17:35:19 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.25 17:34:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.25 06:55:15 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 21:33:01 | 000,448,824 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.23 21:33:01 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.23 21:33:01 | 000,080,520 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.23 21:33:01 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.21 23:38:55 | 000,037,938 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\wklnhst.dat
[2012.05.21 22:39:46 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\Microsoft Word.lnk
[2012.05.21 22:34:59 | 000,006,868 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Gmer 21052012.zip
[2012.05.21 22:27:52 | 000,000,394 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\defogger_disable.zip
[2012.05.21 22:05:14 | 001,511,478 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Eigene Dateien.zip
[2012.05.21 21:59:53 | 001,110,476 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\7z920.exe
[2012.05.20 14:11:48 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.16 14:48:39 | 001,807,853 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\April-Mai 2012 135.jpg
[2012.05.10 13:39:11 | 000,066,048 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\CD-Etiketten-Vorlage_116mm_Dario.dot
[2012.05.08 20:34:45 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\defogger_reenable
[2012.05.02 21:48:05 | 000,039,936 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.02 13:46:34 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.01 14:48:56 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.22 13:45:28 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.22 13:45:27 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.21 22:34:59 | 000,006,868 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Gmer 21052012.zip
[2012.05.21 22:27:52 | 000,000,394 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\defogger_disable.zip
[2012.05.21 22:05:06 | 001,511,478 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Eigene Dateien.zip
[2012.05.21 21:59:42 | 001,110,476 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Desktop\7z920.exe
[2012.05.18 13:05:55 | 001,807,853 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Desktop\April-Mai 2012 135.jpg
[2012.05.10 13:39:11 | 000,066,048 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Desktop\CD-Etiketten-Vorlage_116mm_Dario.dot
[2012.05.08 20:34:45 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\defogger_reenable
[2012.05.04 06:52:27 | 000,150,728 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.01 14:23:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.05.01 14:23:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.03.07 22:14:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.12.13 22:35:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
 
========== LOP Check ==========
 
[2010.07.10 16:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.03.07 22:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2009.07.18 20:35:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.10.01 14:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.10.01 17:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.10.01 14:24:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaMusic
[2010.11.11 16:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.01.01 13:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Smart Soft
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2011.11.27 22:59:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.10.24 14:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.03.07 22:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Babylon
[2011.11.27 14:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Canon
[2009.07.23 14:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CD-LabelPrint
[2012.03.07 22:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly
[2012.05.12 14:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab
[2011.01.09 10:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Desktopicon
[2012.01.22 17:14:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoft
[2012.01.22 17:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.15 01:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\EAC
[2011.03.03 07:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Nokia
[2010.10.01 13:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PC Suite
[2011.12.13 22:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pdfforge
[2012.05.19 13:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Search Settings
[2010.01.01 13:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Smart PDF Converter
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Online
[2009.12.29 15:18:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Toolbars
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*.  >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s  >
 
< %APPDATA%\*.  >
[2011.12.15 01:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\AccurateRip
[2012.05.22 13:47:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Adobe
[2012.03.07 22:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Babylon
[2011.11.27 14:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Canon
[2012.05.04 06:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CANON INC
[2009.07.23 14:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CD-LabelPrint
[2012.03.07 22:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly
[2012.05.12 14:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab
[2011.01.09 10:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Desktopicon
[2012.01.22 17:14:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoft
[2012.01.22 17:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.15 01:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\EAC
[2009.07.24 21:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Google
[2009.12.29 10:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Help
[2009.07.15 23:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Identities
[2009.08.03 08:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Macromedia
[2012.05.07 21:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Malwarebytes
[2011.06.27 06:58:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft
[2011.03.03 07:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Nokia
[2010.10.01 13:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PC Suite
[2011.12.13 22:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pdfforge
[2012.05.19 13:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Search Settings
[2010.01.01 13:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Smart PDF Converter
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Online
[2009.12.29 15:18:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Toolbars
[2011.11.27 14:45:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\ZoomBrowser EX
 
< %APPDATA%\*.exe /s  >
[2012.02.21 05:27:46 | 000,091,128 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\KeepMeUpdated.exe
[2012.02.21 05:27:46 | 000,091,128 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\64\KeepMeUpdated.exe
[2012.05.12 14:48:43 | 000,120,976 | ---- | M] (Search Results LLC.) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabStart.exe
[2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
[2012.05.12 14:48:25 | 000,165,952 | ---- | M] (Search Results, LLC) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe
[2010.02.02 07:33:12 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
 
< %SYSTEMDRIVE%\*.exe  >
 
< MD5 for: AGP440.SYS  >
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 14:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles  >
 
< %systemroot%\System32\config\*.sav  >
[2009.07.16 00:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.07.16 00:55:48 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.07.16 00:55:48 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s  >
 
< %systemroot%\system32\*.dll /lockedfiles  >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

So, have fun with my logs.

Regards, Oliver

cosinus 25.05.2012 23:14

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\olli\LOKALE~1\Temp\kwwalpgr.sys -- (kwwalpgr)
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\svschost-xx.exe /auto File not found
O4 - HKLM..\Run: [Windows Defender] "C:\Programme\Windows-Defender\svschost-xx.exe" /min File not found
O4 - HKU\S-1-5-21-823518204-2052111302-725345543-1004..\Run: [BD] "C:\Windows\svschost-xx.exe" /min File not found
O4 - HKU\S-1-5-21-823518204-2052111302-725345543-1004..\Run: [UpData]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.15 23:09:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.05.19 13:04:52 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012.05.19 13:04:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2012.05.19 13:04:51 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2012.05.12 14:48:22 | 000,000,000 | ---D | C] -- C:\Programme\Free Offers from Freeze.com
[2012.03.07 22:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.11.27 22:59:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2011.12.13 22:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pdfforge
[2009.12.29 15:18:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Toolbars
[2012.05.19 13:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Search Settings
:Files
C:\WINDOWS\PCHealth\HelpCtr\Binaries\svschost-xx.exe
C:\Programme\Gemeinsame Dateien\Spigot
C:\Programme\Application Updater
C:\Programme\PDFCreator\Toolbar
C:\WINDOWS\win2.bat
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

olli74 26.05.2012 06:37

Hello Arne,
Scan completed, the log is attached.

Code:

All processes killed
========== OTL ==========
Service kwwalpgr stopped successfully!
Service kwwalpgr deleted successfully!
File C:\DOKUME~1\olli\LOKALE~1\Temp\kwwalpgr.sys not found.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\BD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\UpData deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Programme\Application Updater folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
C:\Programme\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Programme\pdfforge Toolbar\Res folder moved successfully.
C:\Programme\pdfforge Toolbar\IE\5.7 folder moved successfully.
C:\Programme\pdfforge Toolbar\IE folder moved successfully.
C:\Programme\pdfforge Toolbar folder moved successfully.
C:\Programme\Free Offers from Freeze.com folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp\hps130987973_1064_SafeRegion10 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp\hps130987973_1064_SafeRegion1 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp\hps130987973_1064_SafeRegion folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp folder moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pdfforge\temp folder moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pdfforge\res folder moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pdfforge\Images2PDF folder moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pdfforge folder moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Toolbars folder moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Search Settings\temp folder moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Search Settings\res folder moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Search Settings folder moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\PCHealth\HelpCtr\Binaries\svschost-xx.exe not found.
File\Folder C:\Programme\Gemeinsame Dateien\Spigot not found.
File\Folder C:\Programme\Application Updater not found.
C:\Programme\PDFCreator\Toolbar folder moved successfully.
C:\WINDOWS\win2.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33728 bytes
 
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 6764254 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: olli
->Temp folder emptied: 728076 bytes
->Temporary Internet Files folder emptied: 74555638 bytes
->Google Chrome cache emptied: 4788592 bytes
->Flash cache emptied: 123071 bytes
 
%systemdrive% .tmp files removed: 5311 bytes
%systemroot% .tmp files removed: 1139177 bytes
%systemroot%\System32 .tmp files removed: 2954 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25648131 bytes
RecycleBin emptied: 602866501 bytes
 
Total Files Cleaned = 684,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: olli
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05262012_071617

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

At the moment there are still two iexplorer processes running.

Attached are the running processes:
Code:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 07:36:25, on 26.05.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Windows\svschost-xx.exe" /min
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SearchSettings] "C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247694087031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247694076281
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - https://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Unknown owner - C:\Programme\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DefaultTabUpdate - TODO: <Company name> - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7764 bytes

Regards, Oliver

cosinus 26.05.2012 14:34

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

olli74 28.05.2012 09:21

Hello Cosinus,

attached is the log from TDSS Killer

Code:

0:15:29.0956 1556        TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
10:15:30.0159 1556        ============================================================
10:15:30.0159 1556        Current date / time: 2012/05/28 10:15:30.0159
10:15:30.0159 1556        SystemInfo:
10:15:30.0159 1556       
10:15:30.0159 1556        OS Version: 5.1.2600 ServicePack: 3.0
10:15:30.0159 1556        Product type: Workstation
10:15:30.0159 1556        ComputerName: ZWOCKEL-YJLBCL5
10:15:30.0159 1556        UserName: olli
10:15:30.0159 1556        Windows directory: C:\WINDOWS
10:15:30.0159 1556        System windows directory: C:\WINDOWS
10:15:30.0159 1556        Processor architecture: Intel x86
10:15:30.0159 1556        Number of processors: 1
10:15:30.0159 1556        Page size: 0x1000
10:15:30.0159 1556        Boot type: Normal boot
10:15:30.0159 1556        ============================================================
10:15:32.0205 1556        Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:15:32.0221 1556        ============================================================
10:15:32.0221 1556        \Device\Harddisk0\DR0:
10:15:32.0221 1556        MBR partitions:
10:15:32.0221 1556        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D4EFFA
10:15:32.0237 1556        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F078, BlocksNum 0x77BF449
10:15:32.0237 1556        ============================================================
10:15:32.0284 1556        D: <-> \Device\Harddisk0\DR0\Partition1
10:15:32.0330 1556        C: <-> \Device\Harddisk0\DR0\Partition0
10:15:32.0346 1556        ============================================================
10:15:32.0346 1556        Initialize success
10:15:32.0346 1556        ============================================================
10:15:48.0483 2252        ============================================================
10:15:48.0483 2252        Scan started
10:15:48.0483 2252        Mode: Manual; SigCheck; TDLFS;
10:15:48.0483 2252        ============================================================
10:15:49.0467 2252        Aavmker4        (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:15:49.0764 2252        Aavmker4 - ok
10:15:49.0779 2252        Abiosdsk - ok
10:15:49.0795 2252        abp480n5 - ok
10:15:49.0920 2252        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:15:51.0341 2252        ACPI - ok
10:15:51.0388 2252        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:15:51.0591 2252        ACPIEC - ok
10:15:51.0623 2252        adpu160m - ok
10:15:51.0716 2252        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:15:51.0951 2252        aec - ok
10:15:52.0044 2252        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:15:52.0122 2252        AFD - ok
10:15:52.0122 2252        Aha154x - ok
10:15:52.0810 2252        aic78u2 - ok
10:15:52.0825 2252        aic78xx - ok
10:15:52.0872 2252        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
10:15:53.0122 2252        Alerter - ok
10:15:53.0169 2252        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
10:15:53.0278 2252        ALG - ok
10:15:53.0294 2252        AliIde - ok
10:15:53.0310 2252        amsint - ok
10:15:53.0357 2252        Application Updater - ok
10:15:53.0372 2252        AppMgmt - ok
10:15:53.0403 2252        asc - ok
10:15:53.0419 2252        asc3350p - ok
10:15:53.0435 2252        asc3550 - ok
10:15:53.0606 2252        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:15:53.0638 2252        aspnet_state - ok
10:15:53.0685 2252        aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:15:53.0716 2252        aswFsBlk - ok
10:15:53.0794 2252        aswMon2        (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
10:15:53.0825 2252        aswMon2 - ok
10:15:53.0856 2252        aswRdr          (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
10:15:53.0888 2252        aswRdr - ok
10:15:54.0184 2252        aswSnx          (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
10:15:54.0403 2252        aswSnx - ok
10:15:54.0559 2252        aswSP          (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
10:15:54.0684 2252        aswSP - ok
10:15:54.0731 2252        aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
10:15:54.0762 2252        aswTdi - ok
10:15:54.0809 2252        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:15:55.0028 2252        AsyncMac - ok
10:15:55.0091 2252        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:15:55.0325 2252        atapi - ok
10:15:55.0340 2252        Atdisk - ok
10:15:55.0387 2252        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:15:55.0684 2252        Atmarpc - ok
10:15:55.0731 2252        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
10:15:55.0981 2252        AudioSrv - ok
10:15:56.0012 2252        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:15:56.0246 2252        audstub - ok
10:15:56.0262 2252        autorun - ok
10:15:56.0371 2252        avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Programme\Alwil Software\Avast5\AvastSvc.exe
10:15:56.0403 2252        avast! Antivirus - ok
10:15:56.0450 2252        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:15:56.0699 2252        Beep - ok
10:15:56.0903 2252        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
10:15:57.0387 2252        BITS - ok
10:15:57.0465 2252        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
10:15:57.0793 2252        Browser - ok
10:15:57.0824 2252        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:15:58.0074 2252        cbidf2k - ok
10:15:58.0090 2252        cd20xrnt - ok
10:15:58.0152 2252        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:15:58.0387 2252        Cdaudio - ok
10:15:58.0449 2252        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:15:58.0730 2252        Cdfs - ok
10:15:58.0777 2252        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:15:59.0027 2252        Cdrom - ok
10:15:59.0043 2252        Changer - ok
10:15:59.0090 2252        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
10:15:59.0324 2252        CiSvc - ok
10:15:59.0355 2252        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
10:15:59.0636 2252        ClipSrv - ok
10:15:59.0746 2252        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:15:59.0792 2252        clr_optimization_v2.0.50727_32 - ok
10:15:59.0808 2252        CmdIde - ok
10:16:00.0011 2252        cmuda          (d1f108e47757e356ee45611bc35e7f09) C:\WINDOWS\system32\drivers\cmuda.sys
10:16:00.0246 2252        cmuda ( UnsignedFile.Multi.Generic ) - warning
10:16:00.0246 2252        cmuda - detected UnsignedFile.Multi.Generic (1)
10:16:00.0261 2252        COMSysApp - ok
10:16:00.0292 2252        Cpqarray - ok
10:16:00.0370 2252        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
10:16:00.0667 2252        CryptSvc - ok
10:16:00.0683 2252        dac2w2k - ok
10:16:00.0699 2252        dac960nt - ok
10:16:00.0948 2252        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:16:01.0230 2252        DcomLaunch - ok
10:16:01.0355 2252        DefaultTabUpdate (100174983eec21c2e2211318db635d26) C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
10:16:01.0417 2252        DefaultTabUpdate - ok
10:16:01.0511 2252        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
10:16:01.0808 2252        Dhcp - ok
10:16:01.0854 2252        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:16:02.0104 2252        Disk - ok
10:16:02.0120 2252        dmadmin - ok
10:16:02.0464 2252        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:16:03.0198 2252        dmboot - ok
10:16:03.0292 2252        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:16:03.0604 2252        dmio - ok
10:16:03.0651 2252        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:16:03.0885 2252        dmload - ok
10:16:03.0932 2252        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
10:16:04.0182 2252        dmserver - ok
10:16:04.0229 2252        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:16:04.0448 2252        DMusic - ok
10:16:04.0510 2252        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
10:16:04.0604 2252        Dnscache - ok
10:16:04.0713 2252        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
10:16:04.0979 2252        Dot3svc - ok
10:16:05.0010 2252        dpti2o - ok
10:16:05.0041 2252        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:16:05.0291 2252        drmkaud - ok
10:16:05.0338 2252        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
10:16:05.0635 2252        EapHost - ok
10:16:05.0666 2252        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
10:16:05.0932 2252        ERSvc - ok
10:16:06.0010 2252        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:16:06.0119 2252        Eventlog - ok
10:16:06.0260 2252        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
10:16:06.0385 2252        EventSystem - ok
10:16:06.0463 2252        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:16:06.0775 2252        Fastfat - ok
10:16:06.0853 2252        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:16:06.0978 2252        FastUserSwitchingCompatibility - ok
10:16:07.0009 2252        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:16:07.0275 2252        Fdc - ok
10:16:07.0322 2252        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:16:07.0541 2252        Fips - ok
10:16:07.0556 2252        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:16:07.0884 2252        Flpydisk - ok
10:16:07.0978 2252        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:16:08.0228 2252        FltMgr - ok
10:16:08.0369 2252        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:16:08.0400 2252        FontCache3.0.0.0 - ok
10:16:08.0447 2252        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:16:08.0681 2252        Fs_Rec - ok
10:16:08.0759 2252        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:16:09.0009 2252        Ftdisk - ok
10:16:09.0025 2252        gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
10:16:09.0259 2252        gameenum - ok
10:16:09.0353 2252        getPlusHelper  (fd7e9aba274df75e08320420b8e9a1d5) C:\Programme\NOS\bin\getPlus_Helper.dll
10:16:09.0400 2252        getPlusHelper - ok
10:16:09.0462 2252        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:16:09.0728 2252        Gpc - ok
10:16:09.0774 2252        grmnusb        (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
10:16:09.0790 2252        grmnusb ( UnsignedFile.Multi.Generic ) - warning
10:16:09.0790 2252        grmnusb - detected UnsignedFile.Multi.Generic (1)
10:16:09.0931 2252        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:16:10.0009 2252        gupdate - ok
10:16:10.0024 2252        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:16:10.0056 2252        gupdatem - ok
10:16:10.0149 2252        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
10:16:10.0243 2252        gusvc - ok
10:16:10.0337 2252        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:16:10.0602 2252        helpsvc - ok
10:16:10.0634 2252        HidServ - ok
10:16:10.0680 2252        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
10:16:10.0915 2252        hkmsvc - ok
10:16:10.0930 2252        hpn - ok
10:16:11.0071 2252        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:16:11.0196 2252        HTTP - ok
10:16:11.0227 2252        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
10:16:11.0524 2252        HTTPFilter - ok
10:16:11.0540 2252        i2omgmt - ok
10:16:11.0555 2252        i2omp - ok
10:16:11.0618 2252        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:16:11.0836 2252        i8042prt - ok
10:16:12.0164 2252        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:16:12.0758 2252        idsvc - ok
10:16:12.0805 2252        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:16:13.0055 2252        Imapi - ok
10:16:13.0149 2252        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe
10:16:13.0430 2252        ImapiService - ok
10:16:13.0461 2252        ini910u - ok
10:16:13.0492 2252        IntelIde - ok
10:16:13.0539 2252        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:16:13.0820 2252        intelppm - ok
10:16:13.0852 2252        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:16:14.0086 2252        ip6fw - ok
10:16:14.0133 2252        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:16:14.0367 2252        IpFilterDriver - ok
10:16:14.0398 2252        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:16:14.0633 2252        IpInIp - ok
10:16:14.0742 2252        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:16:14.0992 2252        IpNat - ok
10:16:15.0070 2252        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:16:15.0289 2252        IPSec - ok
10:16:15.0320 2252        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:16:15.0429 2252        IRENUM - ok
10:16:15.0492 2252        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:16:15.0742 2252        isapnp - ok
10:16:15.0789 2252        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:16:16.0023 2252        Kbdclass - ok
10:16:16.0117 2252        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:16:16.0382 2252        kmixer - ok
10:16:16.0460 2252        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:16:16.0507 2252        KSecDD - ok
10:16:16.0617 2252        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
10:16:16.0710 2252        lanmanserver - ok
10:16:16.0804 2252        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
10:16:16.0898 2252        lanmanworkstation - ok
10:16:16.0913 2252        lbrtfdc - ok
10:16:16.0991 2252        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
10:16:17.0241 2252        LmHosts - ok
10:16:17.0319 2252        MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
10:16:17.0351 2252        MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
10:16:17.0351 2252        MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
10:16:17.0413 2252        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
10:16:17.0726 2252        Messenger - ok
10:16:17.0757 2252        MIINPazX        (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
10:16:17.0772 2252        MIINPazX ( UnsignedFile.Multi.Generic ) - warning
10:16:17.0772 2252        MIINPazX - detected UnsignedFile.Multi.Generic (1)
10:16:17.0835 2252        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:16:18.0038 2252        mnmdd - ok
10:16:18.0069 2252        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
10:16:18.0335 2252        mnmsrvc - ok
10:16:18.0397 2252        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:16:18.0663 2252        Modem - ok
10:16:18.0694 2252        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:16:18.0913 2252        Mouclass - ok
10:16:18.0960 2252        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:16:19.0178 2252        MountMgr - ok
10:16:19.0178 2252        mraid35x - ok
10:16:19.0303 2252        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:16:19.0600 2252        MRxDAV - ok
10:16:19.0834 2252        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:16:20.0131 2252        MRxSmb - ok
10:16:20.0194 2252        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
10:16:20.0428 2252        MSDTC - ok
10:16:20.0491 2252        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:16:20.0741 2252        Msfs - ok
10:16:20.0756 2252        MSIServer - ok
10:16:20.0803 2252        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:16:21.0006 2252        MSKSSRV - ok
10:16:21.0022 2252        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:16:21.0256 2252        MSPCLOCK - ok
10:16:21.0287 2252        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:16:21.0522 2252        MSPQM - ok
10:16:21.0600 2252        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:16:21.0818 2252        mssmbios - ok
10:16:21.0865 2252        ms_mpu401      (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
10:16:22.0084 2252        ms_mpu401 - ok
10:16:22.0162 2252        MTOnlPktAlyX    (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
10:16:22.0178 2252        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
10:16:22.0178 2252        MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
10:16:22.0271 2252        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:16:22.0334 2252        Mup - ok
10:16:22.0381 2252        MZCCntrl        (5f9ba398f88fc8928ea6dbd5d144cfca) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
10:16:22.0412 2252        MZCCntrl ( UnsignedFile.Multi.Generic ) - warning
10:16:22.0412 2252        MZCCntrl - detected UnsignedFile.Multi.Generic (1)
10:16:22.0537 2252        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
10:16:22.0896 2252        napagent - ok
10:16:23.0021 2252        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:16:23.0271 2252        NDIS - ok
10:16:23.0318 2252        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:16:23.0365 2252        NdisTapi - ok
10:16:23.0396 2252        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:16:23.0662 2252        Ndisuio - ok
10:16:23.0724 2252        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:16:23.0974 2252        NdisWan - ok
10:16:24.0037 2252        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:16:24.0083 2252        NDProxy - ok
10:16:24.0130 2252        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:16:24.0365 2252        NetBIOS - ok
10:16:24.0474 2252        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:16:24.0771 2252        NetBT - ok
10:16:24.0833 2252        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:16:25.0099 2252        NetDDE - ok
10:16:25.0114 2252        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:16:25.0349 2252        NetDDEdsdm - ok
10:16:25.0396 2252        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
10:16:25.0661 2252        Netlogon - ok
10:16:25.0771 2252        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
10:16:26.0067 2252        Netman - ok
10:16:26.0192 2252        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:16:26.0255 2252        NetTcpPortSharing - ok
10:16:26.0395 2252        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
10:16:26.0520 2252        Nla - ok
10:16:26.0567 2252        nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
10:16:26.0817 2252        nm - ok
10:16:26.0864 2252        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:16:27.0083 2252        Npfs - ok
10:16:27.0333 2252        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:16:27.0864 2252        Ntfs - ok
10:16:27.0879 2252        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
10:16:28.0114 2252        NtLmSsp - ok
10:16:28.0270 2252        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
10:16:28.0739 2252        NtmsSvc - ok
10:16:28.0770 2252        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:16:28.0973 2252        Null - ok
10:16:29.0535 2252        nv              (5d701fca6f7db7a8a7d21f80a84d291a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:16:29.0973 2252        nv - ok
10:16:30.0035 2252        NVSvc          (26712cf8be48bc767854927435c0b6a9) C:\WINDOWS\System32\nvsvc32.exe
10:16:30.0113 2252        NVSvc - ok
10:16:30.0144 2252        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:16:30.0379 2252        NwlnkFlt - ok
10:16:30.0410 2252        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:16:30.0660 2252        NwlnkFwd - ok
10:16:30.0754 2252        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
10:16:30.0972 2252        Parport - ok
10:16:31.0004 2252        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:16:31.0238 2252        PartMgr - ok
10:16:31.0254 2252        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:16:31.0457 2252        ParVdm - ok
10:16:31.0519 2252        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
10:16:31.0644 2252        pccsmcfd - ok
10:16:31.0707 2252        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:16:31.0941 2252        PCI - ok
10:16:31.0957 2252        PCIDump - ok
10:16:32.0019 2252        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:16:32.0222 2252        PCIIde - ok
10:16:32.0316 2252        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:16:32.0550 2252        Pcmcia - ok
10:16:32.0566 2252        PDCOMP - ok
10:16:32.0581 2252        PDFRAME - ok
10:16:32.0597 2252        PDRELI - ok
10:16:32.0628 2252        PDRFRAME - ok
10:16:32.0644 2252        perc2 - ok
10:16:32.0659 2252        perc2hib - ok
10:16:32.0800 2252        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:16:32.0847 2252        PlugPlay - ok
10:16:32.0909 2252        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
10:16:33.0128 2252        PolicyAgent - ok
10:16:33.0191 2252        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:16:33.0425 2252        PptpMiniport - ok
10:16:33.0456 2252        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
10:16:33.0706 2252        Processor - ok
10:16:33.0706 2252        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:16:33.0956 2252        ProtectedStorage - ok
10:16:34.0019 2252        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:16:34.0237 2252        PSched - ok
10:16:34.0284 2252        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:16:34.0503 2252        Ptilink - ok
10:16:34.0518 2252        ql1080 - ok
10:16:34.0534 2252        Ql10wnt - ok
10:16:34.0550 2252        ql12160 - ok
10:16:34.0581 2252        ql1240 - ok
10:16:34.0597 2252        ql1280 - ok
10:16:34.0643 2252        QV2KUX          (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
10:16:34.0846 2252        QV2KUX - ok
10:16:34.0878 2252        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:16:35.0081 2252        RasAcd - ok
10:16:35.0143 2252        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
10:16:35.0393 2252        RasAuto - ok
10:16:35.0456 2252        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:16:35.0706 2252        Rasl2tp - ok
10:16:35.0799 2252        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
10:16:36.0096 2252        RasMan - ok
10:16:36.0127 2252        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:16:36.0346 2252        RasPppoe - ok
10:16:36.0377 2252        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:16:36.0627 2252        Raspti - ok
10:16:36.0752 2252        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:16:37.0002 2252        Rdbss - ok
10:16:37.0033 2252        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:16:37.0237 2252        RDPCDD - ok
10:16:37.0346 2252        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:16:37.0393 2252        RDPWD - ok
10:16:37.0486 2252        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
10:16:37.0830 2252        RDSessMgr - ok
10:16:37.0877 2252        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:16:38.0096 2252        redbook - ok
10:16:38.0143 2252        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
10:16:38.0392 2252        RemoteAccess - ok
10:16:38.0455 2252        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
10:16:38.0752 2252        RpcLocator - ok
10:16:38.0939 2252        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:16:39.0095 2252        RpcSs - ok
10:16:39.0174 2252        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
10:16:39.0439 2252        RSVP - ok
10:16:39.0486 2252        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:16:39.0720 2252        SamSs - ok
10:16:39.0767 2252        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
10:16:40.0048 2252        SCardSvr - ok
10:16:40.0158 2252        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
10:16:40.0454 2252        Schedule - ok
10:16:40.0501 2252        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:16:40.0658 2252        Secdrv - ok
10:16:40.0689 2252        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
10:16:40.0939 2252        seclogon - ok
10:16:40.0986 2252        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
10:16:41.0236 2252        SENS - ok
10:16:41.0282 2252        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:16:41.0517 2252        serenum - ok
10:16:41.0564 2252        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
10:16:41.0782 2252        Serial - ok
10:16:42.0110 2252        ServiceLayer    (2d841b7b7f6dec32162edfcc69d61f42) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
10:16:42.0610 2252        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
10:16:42.0610 2252        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
10:16:42.0673 2252        SetupNT        (549ea830a5d9edd9cd14311126c2849b) C:\WINDOWS\system32\SetupNT.sys
10:16:42.0751 2252        SetupNT ( UnsignedFile.Multi.Generic ) - warning
10:16:42.0751 2252        SetupNT - detected UnsignedFile.Multi.Generic (1)
10:16:42.0782 2252        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:16:43.0016 2252        Sfloppy - ok
10:16:43.0141 2252        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
10:16:43.0610 2252        SharedAccess - ok
10:16:43.0704 2252        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:16:43.0766 2252        ShellHWDetection - ok
10:16:43.0797 2252        Simbad - ok
10:16:43.0844 2252        sisagp          (497ce69d7222df2758bec383cfd3638f) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:16:43.0891 2252        sisagp - ok
10:16:43.0922 2252        SiSide          (982fd755516012bfd582ef20c6a123ff) C:\WINDOWS\system32\DRIVERS\siside.sys
10:16:43.0969 2252        SiSide - ok
10:16:44.0016 2252        sisidex        (5aed8bf3bf7df795d70146d4af4a2580) C:\WINDOWS\system32\drivers\sisidex.sys
10:16:44.0047 2252        sisidex ( UnsignedFile.Multi.Generic ) - warning
10:16:44.0047 2252        sisidex - detected UnsignedFile.Multi.Generic (1)
10:16:44.0110 2252        SISNIC          (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
10:16:44.0157 2252        SISNIC - ok
10:16:44.0188 2252        sisperf        (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
10:16:44.0204 2252        sisperf ( UnsignedFile.Multi.Generic ) - warning
10:16:44.0204 2252        sisperf - detected UnsignedFile.Multi.Generic (1)
10:16:44.0219 2252        Sparrow - ok
10:16:44.0266 2252        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:16:44.0469 2252        splitter - ok
10:16:44.0547 2252        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:16:44.0641 2252        Spooler - ok
10:16:44.0688 2252        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:16:44.0813 2252        sr - ok
10:16:44.0907 2252        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
10:16:45.0094 2252        srservice - ok
10:16:45.0281 2252        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:16:45.0516 2252        Srv - ok
10:16:45.0641 2252        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
10:16:45.0766 2252        SSDPSRV - ok
10:16:45.0953 2252        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
10:16:46.0391 2252        stisvc - ok
10:16:46.0437 2252        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:16:46.0703 2252        swenum - ok
10:16:46.0750 2252        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:16:46.0969 2252        swmidi - ok
10:16:46.0984 2252        SwPrv - ok
10:16:47.0015 2252        symc810 - ok
10:16:47.0047 2252        symc8xx - ok
10:16:47.0062 2252        sym_hi - ok
10:16:47.0078 2252        sym_u3 - ok
10:16:47.0140 2252        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:16:47.0375 2252        sysaudio - ok
10:16:47.0422 2252        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
10:16:47.0765 2252        SysmonLog - ok
10:16:47.0906 2252        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
10:16:48.0234 2252        TapiSrv - ok
10:16:48.0406 2252        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:16:48.0656 2252        Tcpip - ok
10:16:48.0718 2252        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:16:48.0999 2252        TDPIPE - ok
10:16:49.0015 2252        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:16:49.0234 2252        TDTCP - ok
10:16:49.0296 2252        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:16:49.0530 2252        TermDD - ok
10:16:49.0718 2252        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
10:16:50.0046 2252        TermService - ok
10:16:50.0155 2252        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:16:50.0202 2252        Themes - ok
10:16:50.0218 2252        TosIde - ok
10:16:50.0280 2252        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
10:16:50.0530 2252        TrkWks - ok
10:16:50.0608 2252        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:16:50.0952 2252        Udfs - ok
10:16:50.0968 2252        ultra - ok
10:16:51.0155 2252        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:16:51.0608 2252        Update - ok
10:16:51.0733 2252        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
10:16:51.0920 2252        upnphost - ok
10:16:51.0952 2252        upperdev - ok
10:16:51.0999 2252        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
10:16:52.0233 2252        UPS - ok
10:16:52.0280 2252        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:16:52.0498 2252        usbaudio - ok
10:16:52.0561 2252        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:16:52.0811 2252        usbccgp - ok
10:16:52.0858 2252        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:16:53.0092 2252        usbehci - ok
10:16:53.0139 2252        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:16:53.0358 2252        usbhub - ok
10:16:53.0404 2252        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:16:53.0654 2252        usbohci - ok
10:16:53.0717 2252        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:16:53.0936 2252        usbprint - ok
10:16:53.0967 2252        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:16:54.0201 2252        usbscan - ok
10:16:54.0279 2252        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
10:16:54.0498 2252        usbser - ok
10:16:54.0514 2252        UsbserFilt - ok
10:16:54.0560 2252        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:16:54.0795 2252        USBSTOR - ok
10:16:54.0857 2252        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:16:55.0076 2252        VgaSave - ok
10:16:55.0092 2252        ViaIde - ok
10:16:55.0154 2252        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:16:55.0373 2252        VolSnap - ok
10:16:55.0482 2252        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
10:16:55.0748 2252        VSS - ok
10:16:55.0841 2252        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
10:16:56.0138 2252        W32Time - ok
10:16:56.0185 2252        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:16:56.0404 2252        Wanarp - ok
10:16:56.0622 2252        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:16:56.0888 2252        Wdf01000 - ok
10:16:56.0919 2252        WDICA - ok
10:16:56.0982 2252        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:16:57.0216 2252        wdmaud - ok
10:16:57.0294 2252        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
10:16:57.0560 2252        WebClient - ok
10:16:57.0607 2252        WinDefend - ok
10:16:57.0778 2252        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:16:58.0075 2252        winmgmt - ok
10:16:58.0138 2252        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:16:58.0200 2252        WmdmPmSN - ok
10:16:58.0278 2252        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:16:58.0513 2252        WmiApSrv - ok
10:16:58.0841 2252        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
10:16:59.0403 2252        WMPNetworkSvc - ok
10:16:59.0450 2252        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
10:16:59.0762 2252        wscsvc - ok
10:16:59.0809 2252        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
10:17:00.0075 2252        wuauserv - ok
10:17:00.0137 2252        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:17:00.0184 2252        WudfPf - ok
10:17:00.0262 2252        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:17:00.0293 2252        WudfRd - ok
10:17:00.0356 2252        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:17:00.0434 2252        WudfSvc - ok
10:17:00.0668 2252        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
10:17:01.0168 2252        WZCSVC - ok
10:17:01.0246 2252        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
10:17:01.0543 2252        xmlprov - ok
10:17:01.0621 2252        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
10:17:02.0449 2252        \Device\Harddisk0\DR0 - ok
10:17:02.0480 2252        Boot (0x1200)  (b21ee64f5905fa4dacca5bf4ae4bf4e8) \Device\Harddisk0\DR0\Partition0
10:17:02.0480 2252        \Device\Harddisk0\DR0\Partition0 - ok
10:17:02.0512 2252        Boot (0x1200)  (e352a9158535064074792b6012a2f566) \Device\Harddisk0\DR0\Partition1
10:17:02.0512 2252        \Device\Harddisk0\DR0\Partition1 - ok
10:17:02.0527 2252        ============================================================
10:17:02.0527 2252        Scan finished
10:17:02.0527 2252        ============================================================
10:17:02.0668 1708        Detected object count: 10
10:17:02.0668 1708        Actual detected object count: 10
10:17:37.0878 1708        cmuda ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0878 1708        cmuda ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0878 1708        grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0878 1708        grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0878 1708        MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0878 1708        MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0878 1708        MIINPazX ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0878 1708        MIINPazX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0894 1708        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0894 1708        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0894 1708        MZCCntrl ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0894 1708        MZCCntrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0894 1708        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0894 1708        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0894 1708        SetupNT ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0894 1708        SetupNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0909 1708        sisidex ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0909 1708        sisidex ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:37.0909 1708        sisperf ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:37.0909 1708        sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip

My old clunker is pretty badly infested.

It's surely all from YouTube.

When we're done with this, you should recommend me some decent protection software :headbang:.

Regards, Oliver

cosinus 29.05.2012 08:49

Quote:

It's surely all from YouTube.
How do you come up with such nonsense?! :balla:

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper ("Kompetenzler") has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

olli74 29.05.2012 20:45

Hello Cosinus,

attached is the ComboFix log.

Code:

ComboFix 12-05-29.01 - olli 29.05.2012  21:19:09.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1676 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\olli\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\olli\Anwendungsdaten\Desktopicon
c:\dokumente und einstellungen\olli\WINDOWS
c:\programme\Complitly
c:\programme\Complitly\chrome\ComplitlyChrome.crx
c:\programme\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\programme\Complitly\FireFoxUninstaller.exe
c:\programme\Complitly\InstTracker.exe
c:\programme\Complitly\support@Complitly.com\chrome.manifest
c:\programme\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\programme\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\programme\Complitly\support@Complitly.com\chrome\content\options.js
c:\programme\Complitly\support@Complitly.com\chrome\content\options.xul
c:\programme\Complitly\support@Complitly.com\chrome\content\utils.js
c:\programme\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\programme\Complitly\support@Complitly.com\install.rdf
c:\programme\Complitly\System.Data.SQLite.dll
c:\programme\Complitly\unins000.dat
c:\programme\Complitly\unins000.exe
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\wsock33.dll
c:\windows\Windows3.bat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-29  ))))))))))))))))))))))))))))))
.
.
2012-05-26 05:16 . 2012-05-26 05:16        --------        d-----w-        C:\_OTL
2012-05-23 19:37 . 2012-05-23 19:37        --------        d-----w-        c:\programme\ESET
2012-05-22 11:19 . 2012-05-22 11:21        --------        d-----w-        c:\windows\system32\Adobe
2012-05-14 19:07 . 2012-05-14 19:07        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-05-14 19:07 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-12 12:48 . 2012-05-12 12:48        --------        d-----w-        c:\dokumente und einstellungen\olli\Anwendungsdaten\DefaultTab
2012-05-08 19:12 . 2012-05-08 19:12        --------        d--h--w-        c:\windows\PIF
2012-05-07 19:45 . 2012-05-07 19:45        --------        d-----w-        c:\dokumente und einstellungen\olli\Anwendungsdaten\Malwarebytes
2012-05-07 19:45 . 2012-05-07 19:45        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-05-06 11:29 . 2012-05-15 05:36        --------        d-----w-        c:\programme\VS Revo Group
2012-05-06 11:24 . 2012-05-06 11:24        --------        d-----w-        c:\programme\Uniblue
2012-05-04 04:46 . 2012-05-04 04:46        --------        d-----w-        c:\dokumente und einstellungen\olli\Anwendungsdaten\CANON INC
2012-05-01 12:23 . 2012-01-11 19:06        3072        -c----w-        c:\windows\system32\dllcache\iacenc.dll
2012-05-01 12:23 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\iacenc.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 00:15 . 2010-07-10 14:14        41184        ----a-w-        c:\windows\avastSS.scr
2012-03-07 00:15 . 2009-07-16 04:40        201352        ----a-w-        c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-07-15 11:19        612184        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2009-07-16 04:40        337880        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2009-07-16 04:40        35672        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2009-07-16 04:40        53848        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2009-07-16 04:40        95704        ----a-w-        c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2009-07-16 04:40        89048        ----a-w-        c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2009-08-23 12:11        20696        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2009-07-16 04:40        24920        ----a-w-        c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:00 . 2002-08-29 12:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2002-08-29 12:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2002-08-29 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-12-07 21:19 . 2011-12-07 21:18        17010016        -c--a-w-        c:\programme\IE8-WindowsXP-x86-DEU.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15        123536        ----a-w-        c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-05-02 49152]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"nwiz"="nwiz.exe" [2003-05-02 323584]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15.07.2011 13:19 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.07.2009 06:40 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.08.2009 14:11 20696]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [15.07.2009 23:32 61440]
S2 Application Updater;Application Updater;"c:\programme\Application Updater\ApplicationUpdater.exe" --> c:\programme\Application Updater\ApplicationUpdater.exe [?]
S2 DefaultTabUpdate;DefaultTabUpdate;c:\dokumente und einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe [12.05.2012 14:48 114240]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [22.05.2012 13:45 136176]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [22.05.2012 13:45 136176]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [15.07.2009 23:32 17280]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [15.07.2009 23:32 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [15.07.2009 23:32 17536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-05-22 11:45]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-05-22 11:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-avgnt - c:\windows\svschost-xx.exe
HKLM-Run-SearchSettings - c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
AddRemove-OnlineFotoservice - c:\dokumente und einstellungen\olli\Desktop\onlinefotoservice\uninstall.exe
AddRemove-SiS7002 - c:\windows\UnSiSUSB.exe PCI\VEN_1039&DEV_7002
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\programme\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-29 21:30
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
Zeit der Fertigstellung: 2012-05-29  21:34:13
ComboFix-quarantined-files.txt  2012-05-29 19:34
.
Vor Suchlauf: 3.567.108.096 Bytes frei
Nach Suchlauf: 3.579.777.024 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 4AD23DDB6BD0A59A464E22B2F5CA91CB

Please remember the tip about AV software.

The restart is being carried out now.
Regards, Olli

cosinus 30.05.2012 10:17

Quote:

Please remember the tip about AV software.
You should remember that a virus scanner cannot offer perfect protection!
More on that later, although this topic, i.e. the question "Which virus scanner", has already been asked here 20000 times


ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.


Code:

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]

File::
c:\huadio.tmp

3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

olli74 30.05.2012 20:43

Hello Cosinus,

attached is the current ComboFix log:
[code]
Combofix Logfile:
Code:

ComboFix 12-05-30.04 - olli 30.05.2012  21:21:18.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1671 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\olli\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\olli\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\huadio.tmp"
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-26 05:16 . 2012-05-26 05:16        --------        d-----w-        C:\_OTL
2012-05-23 19:37 . 2012-05-23 19:37        --------        d-----w-        c:\programme\ESET
2012-05-22 11:19 . 2012-05-22 11:21        --------        d-----w-        c:\windows\system32\Adobe
2012-05-14 19:07 . 2012-05-14 19:07        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-05-14 19:07 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-12 12:48 . 2012-05-12 12:48        --------        d-----w-        c:\dokumente und einstellungen\olli\Anwendungsdaten\DefaultTab
2012-05-08 19:12 . 2012-05-08 19:12        --------        d--h--w-        c:\windows\PIF
2012-05-07 19:45 . 2012-05-07 19:45        --------        d-----w-        c:\dokumente und einstellungen\olli\Anwendungsdaten\Malwarebytes
2012-05-07 19:45 . 2012-05-07 19:45        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-05-06 11:29 . 2012-05-15 05:36        --------        d-----w-        c:\programme\VS Revo Group
2012-05-06 11:24 . 2012-05-06 11:24        --------        d-----w-        c:\programme\Uniblue
2012-05-04 04:46 . 2012-05-04 04:46        --------        d-----w-        c:\dokumente und einstellungen\olli\Anwendungsdaten\CANON INC
2012-05-01 12:23 . 2012-01-11 19:06        3072        -c----w-        c:\windows\system32\dllcache\iacenc.dll
2012-05-01 12:23 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\iacenc.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 00:15 . 2010-07-10 14:14        41184        ----a-w-        c:\windows\avastSS.scr
2012-03-07 00:15 . 2009-07-16 04:40        201352        ----a-w-        c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-07-15 11:19        612184        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2009-07-16 04:40        337880        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2009-07-16 04:40        35672        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2009-07-16 04:40        53848        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2009-07-16 04:40        95704        ----a-w-        c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2009-07-16 04:40        89048        ----a-w-        c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2009-08-23 12:11        20696        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2009-07-16 04:40        24920        ----a-w-        c:\windows\system32\drivers\aavmker4.sys
2011-12-07 21:19 . 2011-12-07 21:18        17010016        -c--a-w-        c:\programme\IE8-WindowsXP-x86-DEU.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15        123536        ----a-w-        c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-05-02 49152]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"nwiz"="nwiz.exe" [2003-05-02 323584]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15.07.2011 13:19 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.07.2009 06:40 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.08.2009 14:11 20696]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [15.07.2009 23:32 61440]
S2 Application Updater;Application Updater;"c:\programme\Application Updater\ApplicationUpdater.exe" --> c:\programme\Application Updater\ApplicationUpdater.exe [?]
S2 DefaultTabUpdate;DefaultTabUpdate;c:\dokumente und einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe [12.05.2012 14:48 114240]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [22.05.2012 13:45 136176]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [22.05.2012 13:45 136176]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [15.07.2009 23:32 17280]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [15.07.2009 23:32 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [15.07.2009 23:32 17536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-05-22 11:45]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-05-22 11:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 21:33
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(1472)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-05-30  21:38:20
ComboFix-quarantined-files.txt  2012-05-30 19:38
ComboFix2.txt  2012-05-29 19:34
.
Vor Suchlauf: 3.431.481.344 Bytes frei
Nach Suchlauf: 3.496.923.136 Bytes frei
.
- - End Of File - - 8AA51C95682CDEA1AE212DA93A7A8516

--- --- ---

Regards, Olli

cosinus 30.05.2012 21:07

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.

olli74 31.05.2012 21:06

Attached are the requested logs:
Gmer
[code]
GMER Logfile:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-31 21:29:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00DKA0 rev.77.07W77
Running: 58f50cnb.exe; Driver: C:\DOKUME~1\olli\LOKALE~1\Temp\awadiaoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwAddBootEntry [0xAEA96DF8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ZwAllocateVirtualMemory [0xAF6B0A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwAssignProcessToJobObject [0xAEA9785E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwClose [0xAEAC3D5D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwCreateEvent [0xAEA9C2E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwCreateEventPair [0xAEA9C330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwCreateIoCompletion [0xAEA9C422]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwCreateKey [0xAEAC3711]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwCreateMutant [0xAEA9C252]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwCreateSection [0xAEA9C374]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwCreateSemaphore [0xAEA9C29A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwCreateTimer [0xAEA9C3DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwDeleteBootEntry [0xAEA96E44]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwDeleteKey [0xAEAC4423]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwDeleteValueKey [0xAEAC46D9]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwDuplicateObject [0xAEA999A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwEnumerateKey [0xAEAC428E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwEnumerateValueKey [0xAEAC40F9]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ZwFreeVirtualMemory [0xAF6B0B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwLoadDriver [0xAEA96AD6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwModifyBootEntry [0xAEA96E90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwNotifyChangeKey [0xAEA99D1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwNotifyChangeMultipleKeys [0xAEA97B02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenEvent [0xAEA9C30E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenEventPair [0xAEA9C352]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenIoCompletion [0xAEA9C446]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenKey [0xAEAC3A6D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenMutant [0xAEA9C278]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenProcess [0xAEA99518]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenSection [0xAEA9C3AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenSemaphore [0xAEA9C2C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenThread [0xAEA9974C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwOpenTimer [0xAEA9C400]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ZwProtectVirtualMemory [0xAF6B0CA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwQueryKey [0xAEAC3F74]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwQueryObject [0xAEA979CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwQueryValueKey [0xAEAC3DC6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ZwRenameKey [0xAF6BAB68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwRestoreKey [0xAEAC2D84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwSetBootEntryOrder [0xAEA96EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwSetBootOptions [0xAEA96F28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwSetSystemInformation [0xAEA96B46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwSetSystemPowerState [0xAEA96CEA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwSetValueKey [0xAEAC452A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwShutdownSystem [0xAEA96C92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwSystemDebugControl [0xAEA96D5A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ZwTerminateProcess [0xAF6B0D60]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                              ZwVdmControl [0xAEA96F74]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ZwWriteVirtualMemory [0xAF6B0BE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ZwCreateProcessEx [0xAF6C6D92]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                              ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!_abnormal_termination + F0                                                                                            804E275C 1 Byte  [11]
PAGE            ntoskrnl.exe!ObInsertObject                                                                                                        805650BA 5 Bytes  JMP AF6C574C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                                        8056BB08 4 Bytes  CALL AEA9819F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                                    8058124C 7 Bytes  JMP AF6C6D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                                805A038B 5 Bytes  JMP AF6C3C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text          win32k.sys!EngFreeUserMem + 674                                                                                                    BF8098F2 5 Bytes  JMP AEA9B180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngFreeUserMem + 35D0                                                                                                  BF80C84E 5 Bytes  JMP AEA9B07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngDeleteSurface + 45                                                                                                  BF8138E6 5 Bytes  JMP AEA9B036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3                                                                                          BF81C550 5 Bytes  JMP AEA9A724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngSetLastError + 79A8                                                                                                  BF8240C0 5 Bytes  JMP AEA99F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCreateBitmap + F9C                                                                                                  BF828A2A 5 Bytes  JMP AEA9B2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngUnmapFontFileFD + 2C50                                                                                              BF831475 5 Bytes  JMP AEA9B4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngUnmapFontFileFD + B68E                                                                                              BF839EB3 5 Bytes  JMP AEA9AF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!FONTOBJ_pxoGetXform + 84ED                                                                                              BF851745 5 Bytes  JMP AEA99E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!XLATEOBJ_iXlate + F17                                                                                                  BF85BC6A 5 Bytes  JMP AEA9A7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!XLATEOBJ_iXlate + 3581                                                                                                  BF85E2D4 5 Bytes  JMP AEA9A384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!XLATEOBJ_iXlate + 360C                                                                                                  BF85E35F 5 Bytes  JMP AEA9A562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCreatePalette + 88                                                                                                  BF85F5D2 5 Bytes  JMP AEA99E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCreatePalette + 5457                                                                                                BF8649A1 5 Bytes  JMP AEA9B0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngGetCurrentCodePage + 4128                                                                                            BF873CF0 5 Bytes  JMP AEA9A51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngGetLastError + 1606                                                                                                  BF890FA2 5 Bytes  JMP AEA9A7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngGradientFill + 26EE                                                                                                  BF89454D 5 Bytes  JMP AEA9B232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngStretchBltROP + 583                                                                                                  BF895025 5 Bytes  JMP AEA9B450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCopyBits + 3857                                                                                                      BF89C3CB 5 Bytes  JMP AEA9A70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCopyBits + 4DEC                                                                                                      BF89D960 5 Bytes  JMP AEA99FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngEraseSurface + A9E0                                                                                                  BF8C1EE0 5 Bytes  JMP AEA9A104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngFillPath + 1517                                                                                                      BF8CA342 5 Bytes  JMP AEA9A1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngFillPath + 1797                                                                                                      BF8CA5C2 5 Bytes  JMP AEA9A2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngDeleteSemaphore + 3B3E                                                                                              BF8EC017 5 Bytes  JMP AEA99D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngDeleteSemaphore + CB3D                                                                                              BF8F5016 5 Bytes  JMP AEA9A73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCreateClip + 19DF                                                                                                    BF913566 5 Bytes  JMP AEA99F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCreateClip + 25B3                                                                                                    BF91413A 5 Bytes  JMP AEA9A0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCreateClip + 4F2C                                                                                                    BF916AB3 5 Bytes  JMP AEA9A67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngPlgBlt + 1940                                                                                                        BF946632 5 Bytes  JMP AEA9B3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!LdrLoadDll                                                                          7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!RtlDosSearchPath_U + 186                                                            7C926865 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!LdrUnloadDll                                                                        7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!GetBinaryTypeW + 80                                                              7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!DeleteService                                                                    77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\System32\svchost.exe[148] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\System32\svchost.exe[148] USER32.dll!UnhookWindowsHookEx                                                                7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\System32\svchost.exe[148] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\System32\svchost.exe[148] USER32.dll!SetWinEventHook                                                                    7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\System32\svchost.exe[148] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ntdll.dll!LdrLoadDll                  7C92632D 5 Bytes  JMP 001501F8
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ntdll.dll!RtlDosSearchPath_U + 186    7C926865 1 Byte  [62]
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ntdll.dll!LdrUnloadDll                7C9271CD 5 Bytes  JMP 001503FC
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] kernel32.dll!GetBinaryTypeW + 80      7C868D8C 1 Byte  [62]
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] USER32.dll!SetWindowsHookExW          7E37820F 5 Bytes  JMP 00390804
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] USER32.dll!UnhookWindowsHookEx        7E37D5F3 5 Bytes  JMP 00390A08
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] USER32.dll!SetWindowsHookExA          7E381211 5 Bytes  JMP 00390600
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] USER32.dll!SetWinEventHook            7E3817F7 5 Bytes  JMP 003901F8
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] USER32.dll!UnhookWinEvent              7E3818AC 3 Bytes  JMP 003903FC
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] USER32.dll!UnhookWinEvent + 4          7E3818B0 1 Byte  [82]
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ADVAPI32.dll!SetServiceObjectSecurity  77E06D81 5 Bytes  JMP 003A1014
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ADVAPI32.dll!ChangeServiceConfigA      77E06E69 5 Bytes  JMP 003A0804
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ADVAPI32.dll!ChangeServiceConfigW      77E07001 5 Bytes  JMP 003A0A08
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ADVAPI32.dll!ChangeServiceConfig2A    77E07101 5 Bytes  JMP 003A0C0C
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ADVAPI32.dll!ChangeServiceConfig2W    77E07189 5 Bytes  JMP 003A0E10
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ADVAPI32.dll!CreateServiceA            77E07211 5 Bytes  JMP 003A01F8
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ADVAPI32.dll!CreateServiceW            77E073A9 5 Bytes  JMP 003A03FC
.text          C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe[260] ADVAPI32.dll!DeleteService            77E074B1 5 Bytes  JMP 003A0600
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ntdll.dll!LdrLoadDll                                              7C92632D 5 Bytes  JMP 001401F8
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ntdll.dll!RtlDosSearchPath_U + 186                                7C926865 1 Byte  [62]
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ntdll.dll!LdrUnloadDll                                            7C9271CD 5 Bytes  JMP 001403FC
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] kernel32.dll!GetBinaryTypeW + 80                                  7C868D8C 1 Byte  [62]
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ADVAPI32.dll!SetServiceObjectSecurity                            77E06D81 5 Bytes  JMP 00381014
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ADVAPI32.dll!ChangeServiceConfigA                                77E06E69 5 Bytes  JMP 00380804
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ADVAPI32.dll!ChangeServiceConfigW                                77E07001 5 Bytes  JMP 00380A08
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ADVAPI32.dll!ChangeServiceConfig2A                                77E07101 5 Bytes  JMP 00380C0C
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ADVAPI32.dll!ChangeServiceConfig2W                                77E07189 5 Bytes  JMP 00380E10
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ADVAPI32.dll!CreateServiceA                                      77E07211 5 Bytes  JMP 003801F8
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ADVAPI32.dll!CreateServiceW                                      77E073A9 5 Bytes  JMP 003803FC
.text          C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[388] ADVAPI32.dll!DeleteService                                        77E074B1 5 Bytes  JMP 00380600
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ntdll.dll!LdrLoadDll                                                                          7C92632D 5 Bytes  JMP 001401F8
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ntdll.dll!RtlDosSearchPath_U + 186                                                            7C926865 1 Byte  [62]
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ntdll.dll!LdrUnloadDll                                                                        7C9271CD 5 Bytes  JMP 001403FC
.text          C:\WINDOWS\System32\nvsvc32.exe[436] kernel32.dll!GetBinaryTypeW + 80                                                              7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\System32\nvsvc32.exe[436] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 00380804
.text          C:\WINDOWS\System32\nvsvc32.exe[436] USER32.dll!UnhookWindowsHookEx                                                                7E37D5F3 3 Bytes  JMP 00380A08
.text          C:\WINDOWS\System32\nvsvc32.exe[436] USER32.dll!UnhookWindowsHookEx + 4                                                            7E37D5F7 1 Byte  [82]
.text          C:\WINDOWS\System32\nvsvc32.exe[436] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 00380600
.text          C:\WINDOWS\System32\nvsvc32.exe[436] USER32.dll!SetWinEventHook                                                                    7E3817F7 5 Bytes  JMP 003801F8
.text          C:\WINDOWS\System32\nvsvc32.exe[436] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 003803FC
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 3 Bytes  JMP 00391014
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!SetServiceObjectSecurity + 4                                                    77E06D85 1 Byte  [88]
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 00390804
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 00390A08
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E07101 5 Bytes  JMP 00390C0C
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E07189 5 Bytes  JMP 00390E10
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 003901F8
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 003903FC
.text          C:\WINDOWS\System32\nvsvc32.exe[436] ADVAPI32.dll!DeleteService                                                                    77E074B1 5 Bytes  JMP 00390600
.text          C:\WINDOWS\System32\smss.exe[548] ntdll.dll!RtlDosSearchPath_U + 186                                                              7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!RtlDosSearchPath_U + 186                                                              7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!GetBinaryTypeW + 80                                                                7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000701F8
.text          C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000703FC
.text          C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\system32\services.exe[664] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\system32\services.exe[664] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\services.exe[664] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\system32\services.exe[664] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\services.exe[664] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\system32\services.exe[664] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\system32\services.exe[664] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\system32\services.exe[664] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\system32\services.exe[664] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\system32\services.exe[664] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\system32\services.exe[664] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\system32\services.exe[664] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\services.exe[664] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\services.exe[664] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!LdrLoadDll                                                                            7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!RtlDosSearchPath_U + 186                                                              7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!LdrUnloadDll                                                                          7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\system32\lsass.exe[676] kernel32.dll!GetBinaryTypeW + 80                                                                7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\lsass.exe[676] ADVAPI32.dll!SetServiceObjectSecurity                                                          77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\system32\lsass.exe[676] ADVAPI32.dll!ChangeServiceConfigA                                                              77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\system32\lsass.exe[676] ADVAPI32.dll!ChangeServiceConfigW                                                              77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\system32\lsass.exe[676] ADVAPI32.dll!ChangeServiceConfig2A                                                              77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\system32\lsass.exe[676] ADVAPI32.dll!ChangeServiceConfig2W                                                              77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\system32\lsass.exe[676] ADVAPI32.dll!CreateServiceA                                                                    77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\system32\lsass.exe[676] ADVAPI32.dll!CreateServiceW                                                                    77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\system32\lsass.exe[676] ADVAPI32.dll!DeleteService                                                                      77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWindowsHookExW                                                                    7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\lsass.exe[676] USER32.dll!UnhookWindowsHookEx                                                                  7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWindowsHookExA                                                                    7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWinEventHook                                                                      7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\lsass.exe[676] USER32.dll!UnhookWinEvent                                                                      7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\System32\svchost.exe[796] ntdll.dll!LdrLoadDll                                                                          7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\System32\svchost.exe[796] ntdll.dll!RtlDosSearchPath_U + 186                                                            7C926865 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[796] ntdll.dll!LdrUnloadDll                                                                        7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!GetBinaryTypeW + 80                                                              7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!DeleteService                                                                    77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\System32\svchost.exe[796] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\System32\svchost.exe[796] USER32.dll!UnhookWindowsHookEx                                                                7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\System32\svchost.exe[796] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\System32\svchost.exe[796] USER32.dll!SetWinEventHook                                                                    7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\System32\svchost.exe[796] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrLoadDll                                                                          7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!RtlDosSearchPath_U + 186                                                            7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll                                                                        7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetBinaryTypeW + 80                                                              7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!DeleteService                                                                    77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\svchost.exe[832] USER32.dll!UnhookWindowsHookEx                                                                7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWinEventHook                                                                    7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\svchost.exe[832] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!LdrLoadDll                                                                          7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!RtlDosSearchPath_U + 186                                                            7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!LdrUnloadDll                                                                        7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetBinaryTypeW + 80                                                              7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!DeleteService                                                                    77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\svchost.exe[884] USER32.dll!UnhookWindowsHookEx                                                                7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWinEventHook                                                                    7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\svchost.exe[884] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!LdrLoadDll                                                                          7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!RtlDosSearchPath_U + 186                                                            7C926865 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!LdrUnloadDll                                                                        7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 80                                                              7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[952] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\System32\svchost.exe[952] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\System32\svchost.exe[952] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\System32\svchost.exe[952] ADVAPI32.dll!DeleteService                                                                    77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\System32\svchost.exe[952] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\System32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx                                                                7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\System32\svchost.exe[952] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\System32\svchost.exe[952] USER32.dll!SetWinEventHook                                                                    7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\System32\svchost.exe[952] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!LdrLoadDll                                                                                7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!RtlDosSearchPath_U + 186                                                                  7C926865 1 Byte  [62]
.text          C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!LdrUnloadDll                                                                              7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!GetBinaryTypeW + 80                                                                    7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!SetServiceObjectSecurity                                                                77E06D81 5 Bytes  JMP 002C1014
.text          C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!ChangeServiceConfigA                                                                    77E06E69 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!ChangeServiceConfigW                                                                    77E07001 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!ChangeServiceConfig2A                                                                  77E07101 5 Bytes  JMP 002C0C0C
.text          C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!ChangeServiceConfig2W                                                                  77E07189 5 Bytes  JMP 002C0E10
.text          C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!CreateServiceA                                                                          77E07211 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!CreateServiceW                                                                          77E073A9 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!DeleteService                                                                          77E074B1 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\Explorer.EXE[1332] USER32.dll!SetWindowsHookExW                                                                        7E37820F 5 Bytes  JMP 002D0804
.text          C:\WINDOWS\Explorer.EXE[1332] USER32.dll!UnhookWindowsHookEx                                                                      7E37D5F3 5 Bytes  JMP 002D0A08
.text          C:\WINDOWS\Explorer.EXE[1332] USER32.dll!SetWindowsHookExA                                                                        7E381211 5 Bytes  JMP 002D0600
.text          C:\WINDOWS\Explorer.EXE[1332] USER32.dll!SetWinEventHook                                                                          7E3817F7 5 Bytes  JMP 002D01F8
.text          C:\WINDOWS\Explorer.EXE[1332] USER32.dll!UnhookWinEvent                                                                            7E3818AC 5 Bytes  JMP 002D03FC
.text          C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text          C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1396] kernel32.dll!SetUnhandledExceptionFilter                                    7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text          C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1396] kernel32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\system32\spoolsv.exe[1476] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ntdll.dll!LdrLoadDll                              7C92632D 5 Bytes  JMP 000801F8
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ntdll.dll!RtlDosSearchPath_U + 186                7C926865 1 Byte  [62]
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ntdll.dll!LdrUnloadDll                            7C9271CD 5 Bytes  JMP 000803FC
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] kernel32.dll!GetBinaryTypeW + 80                  7C868D8C 1 Byte  [62]
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ADVAPI32.dll!SetServiceObjectSecurity              77E06D81 5 Bytes  JMP 002C1014
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ADVAPI32.dll!ChangeServiceConfigA                  77E06E69 5 Bytes  JMP 002C0804
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ADVAPI32.dll!ChangeServiceConfigW                  77E07001 5 Bytes  JMP 002C0A08
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ADVAPI32.dll!ChangeServiceConfig2A                77E07101 5 Bytes  JMP 002C0C0C
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ADVAPI32.dll!ChangeServiceConfig2W                77E07189 5 Bytes  JMP 002C0E10
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ADVAPI32.dll!CreateServiceA                        77E07211 5 Bytes  JMP 002C01F8
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ADVAPI32.dll!CreateServiceW                        77E073A9 5 Bytes  JMP 002C03FC
.text          C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[1892] ADVAPI32.dll!DeleteService                        77E074B1 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] USER32.dll!UnhookWinEvent                                                                  7E3818AC 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ADVAPI32.dll!SetServiceObjectSecurity                                                      77E06D81 5 Bytes  JMP 002C1014
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ADVAPI32.dll!ChangeServiceConfigA                                                          77E06E69 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ADVAPI32.dll!ChangeServiceConfigW                                                          77E07001 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002C0C0C
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002C0E10
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ADVAPI32.dll!CreateServiceA                                                                77E07211 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ADVAPI32.dll!CreateServiceW                                                                77E073A9 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\system32\RUNDLL32.EXE[1924] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002C0600
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ntdll.dll!LdrLoadDll                                    7C92632D 5 Bytes  JMP 001501F8
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ntdll.dll!RtlDosSearchPath_U + 186                      7C926865 1 Byte  [62]
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ntdll.dll!LdrUnloadDll                                  7C9271CD 5 Bytes  JMP 001503FC
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] kernel32.dll!GetBinaryTypeW + 80                        7C868D8C 1 Byte  [62]
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!SetServiceObjectSecurity                    77E06D81 3 Bytes  JMP 00391014
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!SetServiceObjectSecurity + 4                77E06D85 1 Byte  [88]
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!ChangeServiceConfigA                        77E06E69 5 Bytes  JMP 00390804
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!ChangeServiceConfigW                        77E07001 5 Bytes  JMP 00390A08
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!ChangeServiceConfig2A                      77E07101 5 Bytes  JMP 00390C0C
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!ChangeServiceConfig2W                      77E07189 5 Bytes  JMP 00390E10
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!CreateServiceA                              77E07211 5 Bytes  JMP 003901F8
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!CreateServiceW                              77E073A9 5 Bytes  JMP 003903FC
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] ADVAPI32.dll!DeleteService                              77E074B1 5 Bytes  JMP 00390600
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] USER32.dll!SetWindowsHookExW                            7E37820F 5 Bytes  JMP 00E90804
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] USER32.dll!UnhookWindowsHookEx                          7E37D5F3 5 Bytes  JMP 00E90A08
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] USER32.dll!SetWindowsHookExA                            7E381211 5 Bytes  JMP 00E90600
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] USER32.dll!SetWinEventHook                              7E3817F7 5 Bytes  JMP 00E901F8
.text          C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1936] USER32.dll!UnhookWinEvent                                7E3818AC 5 Bytes  JMP 00E903FC
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ntdll.dll!LdrLoadDll                                                                          7C92632D 5 Bytes  JMP 000A01F8
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186                                                            7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ntdll.dll!LdrUnloadDll                                                                        7C9271CD 5 Bytes  JMP 000A03FC
.text          C:\WINDOWS\system32\ctfmon.exe[1980] kernel32.dll!GetBinaryTypeW + 80                                                              7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002C1014
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E07101 5 Bytes  JMP 002C0C0C
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E07189 5 Bytes  JMP 002C0E10
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!DeleteService                                                                    77E074B1 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\ctfmon.exe[1980] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 002D0804
.text          C:\WINDOWS\system32\ctfmon.exe[1980] USER32.dll!UnhookWindowsHookEx                                                                7E37D5F3 5 Bytes  JMP 002D0A08
.text          C:\WINDOWS\system32\ctfmon.exe[1980] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 002D0600
.text          C:\WINDOWS\system32\ctfmon.exe[1980] USER32.dll!SetWinEventHook                                                                    7E3817F7 5 Bytes  JMP 002D01F8
.text          C:\WINDOWS\system32\ctfmon.exe[1980] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002D03FC
.text          C:\WINDOWS\System32\svchost.exe[2136] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\System32\svchost.exe[2136] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[2136] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\System32\svchost.exe[2136] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\System32\svchost.exe[2136] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002B1014
.text          C:\WINDOWS\System32\svchost.exe[2136] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\System32\svchost.exe[2136] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\System32\svchost.exe[2136] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002B0C0C
.text          C:\WINDOWS\System32\svchost.exe[2136] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002B0E10
.text          C:\WINDOWS\System32\svchost.exe[2136] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\System32\svchost.exe[2136] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\System32\svchost.exe[2136] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\System32\svchost.exe[2136] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\System32\svchost.exe[2136] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\System32\svchost.exe[2136] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\System32\svchost.exe[2136] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\System32\svchost.exe[2136] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!LdrLoadDll                                                                            7C92632D 5 Bytes  JMP 000901F8
.text          C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!RtlDosSearchPath_U + 186                                                              7C926865 1 Byte  [62]
.text          C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!LdrUnloadDll                                                                          7C9271CD 5 Bytes  JMP 000903FC
.text          C:\WINDOWS\System32\alg.exe[2632] kernel32.dll!GetBinaryTypeW + 80                                                                7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\System32\alg.exe[2632] USER32.dll!SetWindowsHookExW                                                                    7E37820F 5 Bytes  JMP 002B0804
.text          C:\WINDOWS\System32\alg.exe[2632] USER32.dll!UnhookWindowsHookEx                                                                  7E37D5F3 5 Bytes  JMP 002B0A08
.text          C:\WINDOWS\System32\alg.exe[2632] USER32.dll!SetWindowsHookExA                                                                    7E381211 5 Bytes  JMP 002B0600
.text          C:\WINDOWS\System32\alg.exe[2632] USER32.dll!SetWinEventHook                                                                      7E3817F7 5 Bytes  JMP 002B01F8
.text          C:\WINDOWS\System32\alg.exe[2632] USER32.dll!UnhookWinEvent                                                                        7E3818AC 5 Bytes  JMP 002B03FC
.text          C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity                                                            77E06D81 5 Bytes  JMP 002C1014
.text          C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!ChangeServiceConfigA                                                                77E06E69 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!ChangeServiceConfigW                                                                77E07001 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A                                                              77E07101 5 Bytes  JMP 002C0C0C
.text          C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W                                                              77E07189 5 Bytes  JMP 002C0E10
.text          C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!CreateServiceA                                                                      77E07211 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!CreateServiceW                                                                      77E073A9 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!DeleteService                                                                      77E074B1 5 Bytes  JMP 002C0600
.text          C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme\58f50cnb.exe[3004] ntdll.dll!RtlDosSearchPath_U + 186                  7C926865 1 Byte  [62]
.text          C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme\58f50cnb.exe[3004] kernel32.dll!GetBinaryTypeW + 80                    7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000A01F8
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000A03FC
.text          C:\WINDOWS\system32\wuauclt.exe[3116] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 002C1014
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 002C0804
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 002C0A08
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002C0C0C
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002C0E10
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 002C01F8
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 002C03FC
.text          C:\WINDOWS\system32\wuauclt.exe[3116] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002C0600
.text          C:\WINDOWS\system32\wuauclt.exe[3116] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002D0804
.text          C:\WINDOWS\system32\wuauclt.exe[3116] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002D0A08
.text          C:\WINDOWS\system32\wuauclt.exe[3116] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002D0600
.text          C:\WINDOWS\system32\wuauclt.exe[3116] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002D01F8
.text          C:\WINDOWS\system32\wuauclt.exe[3116] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 002D03FC
.text          C:\WINDOWS\system32\wscntfy.exe[3248] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text          C:\WINDOWS\system32\wscntfy.exe[3248] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text          C:\Programme\Alwil Software\Avast5\AvastUI.exe[3648] ntdll.dll!RtlDosSearchPath_U + 186                                            7C926865 1 Byte  [62]
.text          C:\Programme\Alwil Software\Avast5\AvastUI.exe[3648] kernel32.dll!GetBinaryTypeW + 80                                              7C868D8C 1 Byte  [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\WINDOWS\system32\services.exe[664] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                      005F0002
IAT            C:\WINDOWS\system32\services.exe[664] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                            005F0000
IAT            C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1396] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]              [64C8F6A0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT            C:\Programme\Alwil Software\Avast5\AvastUI.exe[3648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                [64C8F6A0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                            aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                            sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                            aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

--- --- ---

Osam
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:34:40 on 31.05.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Cmcpls" - "C-Media Corporation" - C:\WINDOWS\System\cmicnfg.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Add Performance Filter Driver" (sisperf) - "Silicon Integrated Systems Corp." - C:\WINDOWS\System32\drivers\sisperf.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"autorun" (autorun) - ? - c:\huadio.tmp  (File not found)
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"awadiaoc" (awadiaoc) - ? - C:\DOKUME~1\olli\LOKALE~1\Temp\awadiaoc.sys  (Hidden registry entry, rootkit activity | File not found)
"C-Media WDM Audio Interface" (cmuda) - "C-Media Inc" - C:\WINDOWS\System32\drivers\cmuda.sys
"catchme" (catchme) - ? - C:\DOKUME~1\olli\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Garmin USB Driver" (grmnusb) - "GARMIN Corp." - C:\WINDOWS\System32\drivers\grmnusb.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SetupNT" (SetupNT) - ? - C:\WINDOWS\system32\SetupNT.sys  (File found, but it contains no detailed information)
"sisidex" (sisidex) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\drivers\sisidex.sys
"upperdev" (upperdev) - ? - C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"UsbserFilt" (UsbserFilt) - ? - C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Dokumente und Einstellungen\olli\Eigene Dateien\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\WINDOWS\Downloaded Program Files\gp.ocx / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader6.ocx / https://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{0FB6A909-6086-458F-BD92-1F8EE10042A0} "Complitly" - "SimplyGen" - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\Complitly.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\olli\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"Microsoft Works Update Detection" - "Microsoft® Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
"NeroCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\\NeroCheck.exe
"SiSUSBRG" - "Silicon Integrated Systems Corp." - C:\WINDOWS\SiSUSBrg.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redmon" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Application Updater" (Application Updater) - ? - "C:\Programme\Application Updater\ApplicationUpdater.exe"  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"DefaultTabUpdate" (DefaultTabUpdate) - "TODO: <Company name>" - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 21:36:02
-----------------------------
21:36:02.390    OS Version: Windows 5.1.2600 Service Pack 3
21:36:02.390    Number of processors: 1 586 0x209
21:36:02.390    ComputerName: ZWOCKEL-YJLBCL5  UserName: olli
21:36:03.046    Initialize success
21:36:06.593    AVAST engine defs: 12053100
21:36:45.046    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:36:45.062    Disk 0 Vendor: WDC_WD800BB-00DKA0 77.07W77 Size: 76318MB BusType: 3
21:36:45.078    Disk 0 MBR read successfully
21:36:45.078    Disk 0 MBR scan
21:36:45.078    Disk 0 Windows XP default MBR code
21:36:45.093    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        15005 MB offset 63
21:36:45.093    Disk 0 Partition - 00    0F Extended LBA            61310 MB offset 30732345
21:36:45.109    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        61310 MB offset 30732408
21:36:45.125    Disk 0 scanning sectors +156296385
21:36:45.234    Disk 0 scanning C:\WINDOWS\system32\drivers
21:37:04.359    Service scanning
21:37:33.453    Service WinDefend C:\WINDOWS\"C:\Programme\Reserve Speicher\MMsMpEng.exe" **LOCKED** 123
21:37:36.140    Modules scanning
21:37:53.390    Disk 0 trace - called modules:
21:37:53.421    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys siside.sys
21:37:53.437    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bb6ab8]
21:37:53.437    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000061[0x89b66f18]
21:37:53.453    5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89b64d98]
21:37:53.812    AVAST engine scan C:\WINDOWS
21:38:10.171    AVAST engine scan C:\WINDOWS\system32
21:43:24.296    AVAST engine scan C:\WINDOWS\system32\drivers
21:43:44.468    AVAST engine scan C:\Dokumente und Einstellungen\olli
21:47:01.906    AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:48:05.796    Scan finished successfully
21:55:37.312    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme\MBR.dat"
21:55:37.328    The log file has been saved successfully to "C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme\aswMBR31052012.txt"

Regards, Olli

cosinus 01.06.2012 10:53

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

olli74 04.06.2012 21:29

Hello Cosinus,
here are the two logs:

Dozens of IE windows get opened and Babylon Search appears, then the computer freezes. And MBAM found 3 files.
Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
olli :: ZWOCKEL-YJLBCL5 [Administrator]

04.06.2012 17:40:11
mbam-log-2012-06-04 (17-40-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291649
Laufzeit: 2 Stunde(n), 25 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\System Volume Information\_restore{86641B74-F049-4A5D-A9ED-91D98EE23145}\RP380\A0141543.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.

(Ende)

SASW
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/04/2012 at 10:18 PM

Application Version : 5.0.1150

Core Rules Database Version : 8679
Trace Rules Database Version: 6491

Scan type      : Complete Scan
Total Scan Time : 00:57:39

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 428
Memory threats detected  : 0
Registry items scanned    : 34726
Registry threats detected : 0
File items scanned        : 3748
File threats detected    : 15

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\olli\Cookies\XD9FG6GC.txt [ /doubleclick.net ]
        C:\Dokumente und Einstellungen\olli\Cookies\B9SWZVGN.txt [ /serving-sys.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\3OL9F7HM.txt [ /xiti.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\J6DWU4YO.txt [ /revsci.net ]
        C:\Dokumente und Einstellungen\olli\Cookies\PE0U4PSL.txt [ /mediaplex.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\L5PPF2N1.txt [ /www.googleadservices.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\GFKBHQTN.txt [ /adx.chip.de ]
        C:\Dokumente und Einstellungen\olli\Cookies\PEGITMWJ.txt [ /webmasterplan.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\0ME1MCA4.txt [ /www.googleadservices.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\L8DMGPID.txt [ /zanox-affiliate.de ]
        C:\Dokumente und Einstellungen\olli\Cookies\8NMC23ZQ.txt [ /apmebf.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\C152C7ZN.txt [ /www.googleadservices.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\J2ZTBBNW.txt [ /www.zanox-affiliate.de ]
        C:\Dokumente und Einstellungen\olli\Cookies\HN5BLFF7.txt [ /tracking.quisma.com ]
        C:\Dokumente und Einstellungen\olli\Cookies\CI4YKDEG.txt [ /atdmt.com ]

I aborted SASW early; D was not scanned completely, and it then froze.

Here are the currently running processes as well
Code:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:28:09, on 04.06.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCORE.EXE
C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SUPERAntiSpyware.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247694087031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247694076281
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - https://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCORE.EXE
O23 - Service: Application Updater - Unknown owner - C:\Programme\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DefaultTabUpdate - TODO: <Company name> - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7428 bytes

Regards, Oliver

cosinus 04.06.2012 21:37

Looks OK, only cookies were found. And one adware leftover was among them, harmless.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it is that I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies of the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there still other findings or problems?

olli74 11.06.2012 14:09

Hello Cosinus,

Sorry, I was out of action for a few days.

Currently I have the following situation: the computer takes a very long time to boot; before all this fuss it was about 30 sec. By now it takes almost 5 minutes until Windows appears.

Maybe you can also help me remove this Babylon Search.

When we ran Combofix for the first time, the machine became damn fast, like it had not been in a long time. One or two days later the machine was slow again.

Can you also tell me where I can find processes that affect this?

As soon as I start any application or open T-Online, the thing crashes.

Checking e-mail takes about 3 min until the software is ready, and the message "software overloaded" keeps appearing.

Regards, Oliver

cosinus 11.06.2012 15:08

I thought we had removed this Babylon junk long ago :balla:

Please make a new OTL log. If possible, please post everything here in CODE tags.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it on your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


olli74 12.06.2012 05:55

Good morning Cosinus,

here is the log from this morning.

Code:

OTL logfile created on: 12.06.2012 06:25:42 - Run 2
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 77,90% Memory free
3,85 Gb Paging File | 3,43 Gb Available in Paging File | 89,13% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 0,60 Gb Free Space | 4,08% Space Free | Partition Type: NTFS
Drive D: | 59,87 Gb Total Space | 20,47 Gb Free Space | 34,18% Space Free | Partition Type: NTFS
 
Computer Name: ZWOCKEL-YJLBCL5 | User Name: olli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.17 20:08:30 | 003,906,944 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SUPERAntiSpyware.exe
PRC - [2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012.05.07 21:17:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme\OTL.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCore.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2003.06.17 18:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.12 06:16:47 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.12 06:16:46 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.06.11 22:14:37 | 001,767,424 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12061101\algo.dll
MOD - [2012.06.04 21:14:16 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.04 21:14:15 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2007.08.21 14:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCore.exe -- (!SASCORE)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.09.23 17:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Adapter | Disabled | Unknown] -- C:\Programme\Reserve Speicher\MMsMpEng.exe -- (WinDefend)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\olli\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\huadio.tmp -- (autorun)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2002.08.20 11:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002.07.30 10:46:28 | 000,005,760 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)
DRV - [2002.07.10 17:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002.05.28 10:21:10 | 000,048,896 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2000.10.25 14:27:24 | 000,003,000 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE337
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Programme\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
[2009.12.29 11:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2012.05.29 21:30:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKCU..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247694087031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247694076281 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{602BF78B-AA1B-4875-A282-18BD73AC73DF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASWINLO.DLL) - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: !SASCORE - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.12 06:17:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme
[2012.06.11 22:50:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Desktop\Aufnahmen Chorfest
[2012.06.04 21:12:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\SUPERAntiSpyware.com
[2012.06.04 21:11:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.06.04 21:11:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner
[2012.06.04 15:29:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.05.29 21:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.05.29 21:16:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.05.29 21:14:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.05.29 21:14:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.05.29 21:14:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.05.29 21:14:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.05.29 21:13:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.05.29 21:13:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.29 21:11:21 | 004,532,250 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\olli\Desktop\ComboFix.exe
[2012.05.26 07:16:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.23 21:37:41 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.05.23 19:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.05.22 13:19:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012.05.21 22:00:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.05.21 22:00:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\7-Zip
[2012.05.21 22:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Neuer Ordner
[2012.05.20 13:56:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\olli\Startmenü\Programme\Verwaltung
[2012.05.14 21:07:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.05.14 21:07:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.14 21:07:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.07 23:18:58 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Programme\IE8-WindowsXP-x86-DEU.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.12 06:15:13 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.12 06:14:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.11 22:55:07 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 22:12:41 | 000,038,010 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\wklnhst.dat
[2012.06.11 22:05:15 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\Microsoft Word.lnk
[2012.06.10 16:43:50 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.07 19:13:16 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.06.07 19:10:05 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012.05.30 21:17:42 | 004,532,250 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\olli\Desktop\ComboFix.exe
[2012.05.29 21:30:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.05.29 21:17:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.05.26 07:31:52 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.05.23 21:33:01 | 000,448,824 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.23 21:33:01 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.23 21:33:01 | 000,080,520 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.23 21:33:01 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.21 22:34:59 | 000,006,868 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Gmer 21052012.zip
[2012.05.21 22:27:52 | 000,000,394 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\defogger_disable.zip
[2012.05.21 22:05:14 | 001,511,478 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Eigene Dateien.zip
[2012.05.16 14:48:39 | 001,807,853 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\April-Mai 2012 135.jpg
 
========== Files Created - No Company Name ==========
 
[2012.05.29 21:17:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.05.29 21:17:01 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.05.29 21:14:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.05.29 21:14:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.05.29 21:14:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.05.29 21:14:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.05.29 21:14:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.05.22 13:45:28 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.22 13:45:27 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.21 22:34:59 | 000,006,868 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Gmer 21052012.zip
[2012.05.21 22:27:52 | 000,000,394 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\defogger_disable.zip
[2012.05.21 22:05:06 | 001,511,478 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Eigene Dateien.zip
[2012.05.18 13:05:55 | 001,807,853 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Desktop\April-Mai 2012 135.jpg
[2012.05.04 06:52:27 | 000,150,728 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.01 14:23:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.07 22:14:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.12.13 22:35:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
 
========== LOP Check ==========
 
[2010.07.10 16:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2009.07.18 20:35:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.10.01 14:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.10.01 17:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.10.01 14:24:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaMusic
[2010.11.11 16:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.01.01 13:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Smart Soft
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010.10.24 14:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.03.07 22:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Babylon
[2011.11.27 14:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Canon
[2009.07.23 14:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CD-LabelPrint
[2012.03.07 22:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly
[2012.05.12 14:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab
[2012.01.22 17:14:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoft
[2012.01.22 17:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.15 01:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\EAC
[2011.03.03 07:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Nokia
[2010.10.01 13:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PC Suite
[2010.01.01 13:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Smart PDF Converter
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Online
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*.  >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s  >
 
< %APPDATA%\*.  >
[2011.12.15 01:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\AccurateRip
[2012.05.22 13:47:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Adobe
[2012.03.07 22:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Babylon
[2011.11.27 14:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Canon
[2012.05.04 06:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CANON INC
[2009.07.23 14:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CD-LabelPrint
[2012.03.07 22:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly
[2012.05.12 14:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab
[2012.01.22 17:14:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoft
[2012.01.22 17:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.15 01:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\EAC
[2009.07.24 21:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Google
[2009.12.29 10:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Help
[2009.07.15 23:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Identities
[2009.08.03 08:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Macromedia
[2012.05.07 21:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Malwarebytes
[2011.06.27 06:58:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft
[2011.03.03 07:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Nokia
[2010.10.01 13:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PC Suite
[2010.01.01 13:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Smart PDF Converter
[2012.06.04 21:12:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\SUPERAntiSpyware.com
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Online
[2011.11.27 14:45:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\ZoomBrowser EX
 
< %APPDATA%\*.exe /s  >
[2012.02.21 05:27:46 | 000,091,128 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\KeepMeUpdated.exe
[2012.02.21 05:27:46 | 000,091,128 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\64\KeepMeUpdated.exe
[2012.05.12 14:48:43 | 000,120,976 | ---- | M] (Search Results LLC.) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabStart.exe
[2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
[2012.05.12 14:48:25 | 000,165,952 | ---- | M] (Search Results, LLC) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe
[2010.02.02 07:33:12 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
 
< %SYSTEMDRIVE%\*.exe  >
 
< MD5 for: AGP440.SYS  >
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 14:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles  >
 
< %systemroot%\System32\config\*.sav  >
[2009.07.16 00:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.07.16 00:55:48 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.07.16 00:55:48 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s  >
 
< %systemroot%\system32\*.dll /lockedfiles  >

< End of report >

I hope you can see something there.

Regards, Oliver

cosinus 12.06.2012 13:32

Quote:

Scan Mode: Current user
You forgot to tick the box for all users :(

olli74 13.06.2012 16:47

Attached is the new scan:

OTL Logfile:
Code:

OTL logfile created on: 12.06.2012 18:00:50 - Run 3
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 83,10% Memory free
2,60 Gb Paging File | 2,43 Gb Available in Paging File | 93,28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 1,81 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
Drive D: | 59,87 Gb Total Space | 16,12 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
 
Computer Name: ZWOCKEL-YJLBCL5 | User Name: olli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012.05.07 21:17:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme\OTL.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCore.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.11 11:49:06 | 000,421,888 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MInfraIS.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2003.06.17 18:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.12 08:07:52 | 001,767,424 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12061200\algo.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2009.02.27 12:56:34 | 000,016,768 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2007.08.21 14:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCore.exe -- (!SASCORE)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.09.23 17:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Adapter | Disabled | Unknown] -- C:\Programme\Reserve Speicher\MMsMpEng.exe -- (WinDefend)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\olli\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\huadio.tmp -- (autorun)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2002.08.20 11:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002.07.30 10:46:28 | 000,005,760 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)
DRV - [2002.07.10 17:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002.05.28 10:21:10 | 000,048,896 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2000.10.25 14:27:24 | 000,003,000 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE337
IE - HKU\S-1-5-21-823518204-2052111302-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Programme\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
[2009.12.29 11:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2012.05.29 21:30:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKU\S-1-5-21-823518204-2052111302-725345543-1004..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247694087031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247694076281 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{602BF78B-AA1B-4875-A282-18BD73AC73DF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASWINLO.DLL) - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: !SASCORE - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.12 06:17:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Desktop\Virenprogramme
[2012.06.11 22:50:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Desktop\Aufnahmen Chorfest
[2012.06.04 21:12:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\SUPERAntiSpyware.com
[2012.06.04 21:11:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.06.04 21:11:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Desktop\Neuer Ordner
[2012.06.04 15:29:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.05.29 21:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.05.29 21:16:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.05.29 21:14:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.05.29 21:14:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.05.29 21:14:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.05.29 21:14:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.05.29 21:13:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.05.29 21:13:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.29 21:11:21 | 004,532,250 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\olli\Desktop\ComboFix.exe
[2012.05.26 07:16:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.23 21:37:41 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.05.23 19:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.05.22 13:19:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012.05.21 22:00:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.05.21 22:00:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\7-Zip
[2012.05.21 22:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Neuer Ordner
[2012.05.20 13:56:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\olli\Startmenü\Programme\Verwaltung
[2012.05.14 21:07:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.05.14 21:07:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.14 21:07:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.07 23:18:58 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Programme\IE8-WindowsXP-x86-DEU.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.12 17:55:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.12 17:54:42 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.12 17:54:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.12 14:49:48 | 003,655,828 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\Hairspray+Script.pdf
[2012.06.12 13:20:25 | 000,038,114 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\wklnhst.dat
[2012.06.11 22:05:15 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\Microsoft Word.lnk
[2012.06.10 16:43:50 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.07 19:13:16 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.06.07 19:10:05 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012.05.30 21:17:42 | 004,532,250 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\olli\Desktop\ComboFix.exe
[2012.05.29 21:30:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.05.29 21:17:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.05.26 07:31:52 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.05.23 21:33:01 | 000,448,824 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.23 21:33:01 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.23 21:33:01 | 000,080,520 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.23 21:33:01 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.21 22:34:59 | 000,006,868 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Gmer 21052012.zip
[2012.05.21 22:27:52 | 000,000,394 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\defogger_disable.zip
[2012.05.21 22:05:14 | 001,511,478 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Eigene Dateien.zip
[2012.05.16 14:48:39 | 001,807,853 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\April-Mai 2012 135.jpg
 
========== Files Created - No Company Name ==========
 
[2012.06.12 14:49:48 | 003,655,828 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Desktop\Hairspray+Script.pdf
[2012.05.29 21:17:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.05.29 21:17:01 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.05.29 21:14:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.05.29 21:14:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.05.29 21:14:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.05.29 21:14:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.05.29 21:14:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.05.22 13:45:28 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.22 13:45:27 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.21 22:34:59 | 000,006,868 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Gmer 21052012.zip
[2012.05.21 22:27:52 | 000,000,394 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\defogger_disable.zip
[2012.05.21 22:05:06 | 001,511,478 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Eigene Dateien\Eigene Dateien.zip
[2012.05.18 13:05:55 | 001,807,853 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Desktop\April-Mai 2012 135.jpg
[2012.05.04 06:52:27 | 000,150,728 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.01 14:23:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.07 22:14:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.12.13 22:35:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
 
========== LOP Check ==========
 
[2010.07.10 16:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2009.07.18 20:35:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.10.01 14:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.10.01 17:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.10.01 14:24:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaMusic
[2010.11.11 16:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.01.01 13:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Smart Soft
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010.10.24 14:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.03.07 22:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Babylon
[2011.11.27 14:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Canon
[2009.07.23 14:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CD-LabelPrint
[2012.03.07 22:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly
[2012.05.12 14:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab
[2012.01.22 17:14:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoft
[2012.01.22 17:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.15 01:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\EAC
[2011.03.03 07:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Nokia
[2010.10.01 13:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PC Suite
[2010.01.01 13:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Smart PDF Converter
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Online
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*.  >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s  >
 
< %APPDATA%\*.  >
[2011.12.15 01:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\AccurateRip
[2012.05.22 13:47:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Adobe
[2012.03.07 22:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Babylon
[2011.11.27 14:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Canon
[2012.05.04 06:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CANON INC
[2009.07.23 14:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CD-LabelPrint
[2012.03.07 22:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly
[2012.05.12 14:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab
[2012.01.22 17:14:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoft
[2012.01.22 17:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.15 01:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\EAC
[2009.07.24 21:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Google
[2009.12.29 10:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Help
[2009.07.15 23:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Identities
[2009.08.03 08:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Macromedia
[2012.05.07 21:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Malwarebytes
[2011.06.27 06:58:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft
[2011.03.03 07:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Nokia
[2010.10.01 13:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PC Suite
[2010.01.01 13:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Smart PDF Converter
[2012.06.04 21:12:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\SUPERAntiSpyware.com
[2009.07.15 23:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Online
[2011.11.27 14:45:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\ZoomBrowser EX
 
< %APPDATA%\*.exe /s  >
[2012.02.21 05:27:46 | 000,091,128 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\KeepMeUpdated.exe
[2012.02.21 05:27:46 | 000,091,128 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Complitly\64\KeepMeUpdated.exe
[2012.05.12 14:48:43 | 000,120,976 | ---- | M] (Search Results LLC.) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabStart.exe
[2012.05.12 14:48:26 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe
[2012.05.12 14:48:25 | 000,165,952 | ---- | M] (Search Results, LLC) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe
[2010.02.02 07:33:12 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
 
< %SYSTEMDRIVE%\*.exe  >
 
< MD5 for: AGP440.SYS  >
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.07.16 22:06:33 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.07.17 18:37:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 14:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles  >
 
< %systemroot%\System32\config\*.sav  >
[2009.07.16 00:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.07.16 00:55:48 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.07.16 00:55:48 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s  >
 
< %systemroot%\system32\*.dll /lockedfiles  >

< End of report >

--- --- ---


Regards, Olli

cosinus 13.06.2012 20:13

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
:Files
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used anywhere else, as it can cause lasting damage to the system!

olli74 15.06.2012 21:14

Here is the fix log:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: olli
->Temp folder emptied: 11332043 bytes
->Temporary Internet Files folder emptied: 24632504 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2892 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 36396 bytes
 
Total Files Cleaned = 34,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: olli
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 06152012_220502

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The machine was so slow at noon today that I couldn't even open IE while burning a disc, let alone any other program. Why is that?
Regards, Olli

cosinus 15.06.2012 23:14

Slow/fast are relative terms.
We would be done; the logs are clean and from my point of view everything is OK.
If everything is still too slow, you will have to resort to other measures.
Don't forget, I only see everything through logs; I don't have your machine under my own desk and so can't get a real first-hand impression.

olli74 02.07.2012 10:49

Hello Cosinus,

Sorry that I haven't been in touch for a few days. Family and a newly built house take their toll.

My computer has now reached the point where it completely breaks down after opening IE, no matter which page you call up. The only strange thing is that the Task Manager sometimes shows only 30% load.

Babylon is still present, whenever I do get the chance to open a second tab in IE.

Google still searches and results do come up (though that already takes a very long time). When I then try to open the results, that's it: nothing moves any more until I end IE in the Task Manager.
I think I should wipe the thing.

Or do you have another idea here that would spare me that?

Thank you in advance for your help.

Regards, Oliver

cosinus 02.07.2012 13:32

I would first try to find out whether this only happens under Windows or also with other operating systems.

That way you can see whether a hardware problem is emerging or whether the fault lies rather in the Windows configuration and/or in the file system.

Download something like Knoppix or Ubuntu, burn the ISO file to a CD using the image-burning function and boot the computer from it.
Then test the system thoroughly under Linux and report whether it runs normally there.


All times are in WET +1.
