Trojaner-Board - 50€ Virus blockiert wie bei anderen Nutzern mein Windows XP

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - 50€ Virus blockiert wie bei anderen Nutzern mein Windows XP (https://www.trojaner-board.de/112185-50-virus-blockiert-anderen-nutzern-windows-xp.html)

50€ Virus blockiert wie bei anderen Nutzern mein Windows XP

Mir geht es so wie einigen anderen Nutzern hier auch. Ich hab mir wohl einen Virus eingefangen der mein Windows XP sperrt. Es geht ein Fenster auf das mann nicht schließen kann und die ganzen Windows Schaltflächen sind nicht zu benutzen, oberhalb sichtbar ist eine Deutschlandflagge. Als Text steht dort das der Pc aufgrund zu vieler pornographischer inhalte etc gesperrt werden musste, da sich das System an einer kritischen Grenze befindet. Man soll für ein extra virenprogramm dannn Geld bezahlen damit das Problem behoben ist.Unterhalb sichtbar sind einige Antivirenprogramme, wie antivir mcaffe etc...

Wie muss ich vorgehen damit mein Problem behoben wird?
Vielen Dank für antworten im vorraus

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Der abgesicherte Modus funktioniert und in diesem befinde ich mich jetzt. Ich hatte 2 Konten zur Auswahl unter denen ich mich einloggen konnte. Einmal Adminstrator und das konto Housemaus.

Ich bin jetz auf dem Konto Administrator. Der internet funktioniert.

na wenn der Modus geht wirst du erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Code:

 Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.25.02
 

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 8.0.6001.18702

Administrator :: MAUS [Administrator]
 

25.03.2012 20:49:18

mbam-log-2012-03-25 (20-49-18).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 448996

Laufzeit: 1 Stunde(n), 14 Minute(n), 22 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Temp\0.252116531958566.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

 ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=dbe1378162d97f42a5051363bf01e91d

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-25 09:26:24

# local_time=2012-03-25 11:26:24 (+0100, Westeuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16775130 100 93 942085 69245233 942823 0

# compatibility_mode=8192 67108863 100 0 719 719 0 0

# scanned=128570

# found=0

# cleaned=0

# scan_time=2374

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=dbe1378162d97f42a5051363bf01e91d

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-25 11:27:57

# local_time=2012-03-26 01:27:57 (+0100, Westeuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16775130 100 93 945128 69248276 945866 0

# compatibility_mode=8192 67108863 100 0 3762 3762 0 0

# scanned=246641

# found=1

# cleaned=0

# scan_time=6624

E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Temp\Main.class        a variant of Java/Exploit.CVE-2011-3544.BF trojan (unable to clean)        00000000000000000000000000000000        I

Funktioniert der normale Modus wieder? Wenn ja mach in diesem Modus ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Der normale Modus funktioniert wieder, jedoch lässt sich Antivir nicht mehr starten.
Ich mache nun den Otl scan.

Code:

OTL logfile created on: 26.03.2012 21:39:08 - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = E:\Dokumente und Einstellungen\Housemaus\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,64% Memory free

3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,05% Paging File free

Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme

Drive C: | 100,00 Mb Total Space | 63,41 Mb Free Space | 63,41% Space Free | Partition Type: NTFS

Drive D: | 116,87 Gb Total Space | 54,78 Gb Free Space | 46,87% Space Free | Partition Type: NTFS

Drive E: | 69,33 Gb Total Space | 16,98 Gb Free Space | 24,50% Space Free | Partition Type: NTFS

 

Computer Name: MAUS | User Name: Housemaus | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.26 21:37:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Housemaus\Desktop\OTL.exe

PRC - [2012.03.16 22:21:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- E:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- E:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe

PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.03.16 22:21:10 | 001,969,080 | ---- | M] () -- E:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll

MOD - [2011.09.05 19:04:58 | 000,301,056 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU

MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- E:\Programme\WinRAR\RarExt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011.06.30 22:00:57 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- E:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.27 13:59:40 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- E:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- E:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\GPU-Z.sys -- (GPU-Z)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2011.06.30 22:00:57 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.30 22:00:57 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.10.07 14:11:37 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)     Intel(R)

DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2006.12.22 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2006.12.22 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2006.12.22 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2006.04.17 21:29:06 | 000,569,856 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)

DRV - [2005.12.22 22:25:10 | 000,006,861 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)

DRV - [2005.11.30 20:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)

DRV - [2005.06.09 06:03:30 | 001,383,104 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\cmudau.sys -- (cmudau)

DRV - [2004.05.17 16:18:26 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\TOSRFEC.SYS -- (tosrfec)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"

FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: E:\Programme\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: E:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: E:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.21 16:29:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.03.16 22:21:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2012.02.13 01:31:05 | 000,000,000 | ---D | M]

 

[2011.02.21 05:02:17 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla\Extensions

[2012.03.16 23:05:32 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla\Firefox\Profiles\oetlmwpw.default\extensions

[2012.03.16 23:05:32 | 000,000,000 | ---D | M] (Fast Dial) -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla\Firefox\Profiles\oetlmwpw.default\extensions\fastdial@telega.phpnet.us

[2012.03.20 22:28:32 | 000,001,056 | ---- | M] () -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla\Firefox\Profiles\oetlmwpw.default\searchplugins\icqplugin.xml

[2012.02.13 01:31:11 | 000,000,000 | ---D | M] (No name found) -- E:\Programme\Mozilla Firefox\extensions

[2011.10.11 21:01:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

() (No name found) -- E:\DOKUMENTE UND EINSTELLUNGEN\HOUSEMAUS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OETLMWPW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.03.16 22:21:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Programme\mozilla firefox\components\browsercomps.dll

[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2010.12.07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- E:\Programme\mozilla firefox\plugins\npwachk.dll

[2012.03.16 22:21:07 | 000,001,392 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.16 22:21:07 | 000,002,252 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.03.16 22:21:07 | 000,001,153 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.16 22:21:07 | 000,006,805 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.16 22:21:07 | 000,001,178 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.16 22:21:06 | 000,001,105 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = E:\Programme\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Programme\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = E:\Programme\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = E:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = E:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = E:\Programme\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Winamp Application Detector (Enabled) = E:\Programme\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = E:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = E:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Harmony Firefox Plugin (Enabled) = E:\Programme\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll

CHR - plugin: Silverlight Plug-In (Enabled) = E:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Veetle TV Player (Enabled) = E:\Programme\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = E:\Programme\Veetle\plugins\npVeetle.dll

CHR - plugin: iTunes Application Detector (Enabled) = E:\Programme\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google-Suche = E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Google Mail = E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2011.02.21 19:54:18 | 000,001,017 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1 im.adtech.de

O1 - Hosts: 127.0.0.1 adserver.adtech.de

O1 - Hosts: 127.0.0.1 adtech.de

O1 - Hosts: 127.0.0.1 ar.atwola.com

O1 - Hosts: 127.0.0.1 atwola.com

O1 - Hosts: 127.0.0.1 adserver.71i.de

O1 - Hosts: 127.0.0.1 adicqserver.71i.de

O1 - Hosts: 127.0.0.1 71i.de

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Adobe ARM] E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] E:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd File not found

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] E:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)

O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] E:\WINDOWS\System32\nwiz.exe ()

O4 - HKU\S-1-5-21-854245398-1897051121-725345543-1004..\Run: [SkypePM] E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9939520-DC2F-4964-AB9C-F00C5D61DBA4}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.02.14 22:33:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpFolder: E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Monitor.lnk - E:\Programme\TOSHIBA\Bluetooth Monitor\BtMon2.exe - (TOSHIBA)

MsConfig - StartUpFolder: E:^Dokumente und Einstellungen^Housemaus^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk - E:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)

MsConfig - StartUpFolder: E:^Dokumente und Einstellungen^Housemaus^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk - E:\Programme\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig - StartUpReg: ICQ - hkey= - key= - E:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - E:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - E:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()

MsConfig - StartUpReg: MSMSGS - hkey= - key= - E:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - E:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found

MsConfig - StartUpReg: Skype - hkey= - key= - E:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - StartUpReg: Steam - hkey= - key= - E:\Programme\Steam\Steam.exe (Valve Corporation)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: UploadMgr - Service

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - E:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\WINDOWS\system32\rundll32.exe" "E:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - E:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.26 21:37:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Housemaus\Desktop\OTL.exe

[2012.03.25 22:34:52 | 000,000,000 | ---D | C] -- E:\Programme\ESET

[2012.03.25 20:47:34 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.03.25 20:47:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys

[2012.03.25 20:47:33 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.03.25 20:47:32 | 000,000,000 | ---D | C] -- E:\Programme\Malwarebytes' Anti-Malware

[2012.03.17 19:54:17 | 000,000,000 | ---D | C] -- E:\Programme\Gameforge

[2012.03.17 19:54:17 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Gameforge

[2012.03.17 18:44:35 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\XPSViewer

[2012.03.17 18:44:30 | 000,000,000 | ---D | C] -- E:\Programme\MSBuild

[2012.03.17 18:44:28 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\en-US

[2012.03.17 18:44:21 | 000,000,000 | ---D | C] -- E:\Programme\Reference Assemblies

[2012.03.17 18:43:41 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Housemaus\Desktop\Neuer Ordner

[2012.03.16 23:22:08 | 000,000,000 | R-SD | C] -- E:\WINDOWS\assembly

[2012.03.16 23:21:32 | 000,000,000 | ---D | C] -- E:\WINDOWS\Microsoft.NET

[2012.02.29 17:57:10 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Google

[2012.02.29 17:54:59 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth

[2012.02.26 17:54:00 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google

[2012.02.26 17:49:13 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google

[2012.02.26 17:48:55 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Google

[2012.02.26 17:48:51 | 000,000,000 | ---D | C] -- E:\Programme\Google

[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.26 21:37:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Housemaus\Desktop\OTL.exe

[2012.03.26 21:33:05 | 000,201,859 | ---- | M] () -- E:\WINDOWS\System32\nvapps.xml

[2012.03.26 21:33:03 | 000,001,092 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.26 21:33:00 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat

[2012.03.26 21:29:12 | 000,001,324 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat

[2012.03.26 21:25:31 | 000,449,044 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat

[2012.03.26 21:25:31 | 000,432,690 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat

[2012.03.26 21:25:31 | 000,080,306 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat

[2012.03.26 21:25:31 | 000,067,646 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat

[2012.03.25 20:47:34 | 000,000,756 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.25 00:38:28 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl

[2012.03.23 02:04:00 | 000,001,096 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.17 19:54:17 | 000,001,930 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\AION Free-To-Play.lnk

[2012.03.17 18:51:33 | 000,127,704 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT

[2012.03.15 00:06:11 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK

[2012.03.07 12:41:21 | 000,020,228 | -H-- | M] () -- E:\WINDOWS\System32\mlfcache.dat

[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.25 20:47:34 | 000,000,756 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.17 19:54:17 | 000,001,930 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\AION Free-To-Play.lnk

[2012.02.29 17:54:08 | 000,001,096 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.02.29 17:54:06 | 000,001,092 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.02.16 20:49:45 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll

[2011.08.14 16:48:22 | 000,020,228 | -H-- | C] () -- E:\WINDOWS\System32\mlfcache.dat

[2011.07.23 14:57:50 | 000,004,608 | ---- | C] () -- E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.05.28 23:39:01 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat

[2011.02.22 01:34:29 | 000,000,586 | ---- | C] () -- E:\WINDOWS\hpomdl44.dat.temp

[2011.02.21 21:54:43 | 000,064,950 | ---- | C] () -- E:\WINDOWS\War3Unin.dat

[2011.02.21 20:07:07 | 000,241,664 | R--- | C] () -- E:\WINDOWS\System32\cmdrvrmu.exe

[2011.02.21 20:07:07 | 000,045,056 | R--- | C] () -- E:\WINDOWS\System32\cmdrvrmu.dll

[2011.02.21 20:06:44 | 000,040,960 | R--- | C] () -- E:\WINDOWS\CmiUSB2Uninstall.exe

[2011.02.21 20:06:42 | 000,004,911 | R--- | C] () -- E:\WINDOWS\Cmudau.ini

[2011.02.21 16:21:00 | 000,181,880 | ---- | C] () -- E:\WINDOWS\hpoins44.dat

[2011.02.21 16:21:00 | 000,000,586 | ---- | C] () -- E:\WINDOWS\hpomdl44.dat

[2011.02.21 05:02:12 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat

[2011.02.21 03:34:32 | 000,001,324 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat

[2011.02.21 03:14:44 | 000,012,402 | R--- | C] () -- E:\WINDOWS\HWSetupStr.ini

[2011.02.21 03:14:44 | 000,002,182 | R--- | C] () -- E:\WINDOWS\SVPW32Str.ini

[2011.02.21 03:11:11 | 000,049,152 | ---- | C] () -- E:\WINDOWS\System32\TosBthSupport.dll

[2011.02.21 02:48:02 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat

[2011.02.21 02:44:09 | 000,021,740 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat

[2011.02.21 02:37:39 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI

[2011.02.21 02:36:34 | 000,127,704 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT

 
 ========== LOP Check ==========

 

[2011.02.21 05:24:08 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2011.08.14 16:46:08 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012.03.22 17:52:00 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\ICQ

[2011.07.15 23:38:04 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Leadertech

[2011.02.21 22:55:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\LolClient

[2011.02.23 21:37:40 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\OpenOffice.org

[2011.02.26 07:15:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\TS3Client

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.06.23 16:51:03 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Adobe

[2011.11.16 16:27:08 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Apple Computer

[2011.02.21 05:01:37 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Avira

[2012.02.29 17:57:10 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Google

[2011.06.25 20:46:59 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\HP

[2012.03.10 15:52:27 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\HPAppData

[2012.03.22 17:52:00 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\ICQ

[2011.02.21 02:51:07 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Identities

[2011.08.07 02:55:42 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\InstallShield

[2011.07.15 23:38:04 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Leadertech

[2011.08.07 02:57:22 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Logitech

[2011.02.21 22:55:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\LolClient

[2011.02.21 19:30:56 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Macromedia

[2012.01.20 19:27:47 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Microsoft

[2011.02.21 05:02:17 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla

[2011.02.23 21:37:40 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\OpenOffice.org

[2012.03.17 02:22:25 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Skype

[2011.07.26 16:59:05 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\skypePM

[2011.02.22 00:08:13 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Sun

[2011.02.26 07:15:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\TS3Client

[2012.03.23 00:20:49 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\vlc

[2011.05.20 17:13:23 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Winamp

[2011.02.21 05:23:05 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\WinRAR

[2011.02.22 01:37:53 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Yahoo!

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys

[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2002.08.29 04:52:58 | 010,180,476 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys

[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- E:\WINDOWS\system32\eventlog.dll

[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- E:\WINDOWS\system32\netlogon.dll

[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- E:\WINDOWS\system32\scecli.dll

[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- E:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- E:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- E:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- E:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- E:\WINDOWS\system32\userinit.exe

[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- E:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- E:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- E:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- E:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- E:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2011.02.21 03:35:45 | 000,094,208 | ---- | M] () -- E:\WINDOWS\System32\config\default.sav

[2011.02.21 03:35:45 | 000,606,208 | ---- | M] () -- E:\WINDOWS\System32\config\software.sav

[2011.02.21 03:35:45 | 000,413,696 | ---- | M] () -- E:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

 
 <           >
 

< End of report >

Code:

OTL Extras logfile created on: 26.03.2012 21:39:08 - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = E:\Dokumente und Einstellungen\Housemaus\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,64% Memory free

3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,05% Paging File free

Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme

Drive C: | 100,00 Mb Total Space | 63,41 Mb Free Space | 63,41% Space Free | Partition Type: NTFS

Drive D: | 116,87 Gb Total Space | 54,78 Gb Free Space | 46,87% Space Free | Partition Type: NTFS

Drive E: | 69,33 Gb Total Space | 16,98 Gb Free Space | 24,50% Space Free | Partition Type: NTFS

 

Computer Name: MAUS | User Name: Housemaus | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_USERS\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher

"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher

"6885:TCP" = 6885:TCP:*:Enabled:League of Legends Launcher

"6885:UDP" = 6885:UDP:*:Enabled:League of Legends Launcher

"6933:TCP" = 6933:TCP:*:Enabled:League of Legends Launcher

"6933:UDP" = 6933:UDP:*:Enabled:League of Legends Launcher

"6931:TCP" = 6931:TCP:*:Enabled:League of Legends Launcher

"6931:UDP" = 6931:UDP:*:Enabled:League of Legends Launcher

"6975:TCP" = 6975:TCP:*:Enabled:League of Legends Launcher

"6975:UDP" = 6975:UDP:*:Enabled:League of Legends Launcher

"6977:TCP" = 6977:TCP:*:Enabled:League of Legends Launcher

"6977:UDP" = 6977:UDP:*:Enabled:League of Legends Launcher

"6986:TCP" = 6986:TCP:*:Enabled:League of Legends Launcher

"6986:UDP" = 6986:UDP:*:Enabled:League of Legends Launcher

"6984:TCP" = 6984:TCP:*:Enabled:League of Legends Launcher

"6984:UDP" = 6984:UDP:*:Enabled:League of Legends Launcher

"6890:TCP" = 6890:TCP:*:Enabled:League of Legends Launcher

"6890:UDP" = 6890:UDP:*:Enabled:League of Legends Launcher

"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher

"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher

"6958:TCP" = 6958:TCP:*:Enabled:League of Legends Launcher

"6958:UDP" = 6958:UDP:*:Enabled:League of Legends Launcher

"6956:TCP" = 6956:TCP:*:Enabled:League of Legends Launcher

"6956:UDP" = 6956:UDP:*:Enabled:League of Legends Launcher

"6951:TCP" = 6951:TCP:*:Enabled:League of Legends Launcher

"6951:UDP" = 6951:UDP:*:Enabled:League of Legends Launcher

"6942:TCP" = 6942:TCP:*:Enabled:League of Legends Launcher

"6942:UDP" = 6942:UDP:*:Enabled:League of Legends Launcher

"6887:TCP" = 6887:TCP:*:Enabled:League of Legends Launcher

"6887:UDP" = 6887:UDP:*:Enabled:League of Legends Launcher

"6915:TCP" = 6915:TCP:*:Enabled:League of Legends Launcher

"6915:UDP" = 6915:UDP:*:Enabled:League of Legends Launcher

"6944:TCP" = 6944:TCP:*:Enabled:League of Legends Launcher

"6944:UDP" = 6944:UDP:*:Enabled:League of Legends Launcher

"6955:TCP" = 6955:TCP:*:Enabled:League of Legends Launcher

"6955:UDP" = 6955:UDP:*:Enabled:League of Legends Launcher

"6920:TCP" = 6920:TCP:*:Enabled:League of Legends Launcher

"6920:UDP" = 6920:UDP:*:Enabled:League of Legends Launcher

"6948:TCP" = 6948:TCP:*:Enabled:League of Legends Launcher

"6948:UDP" = 6948:UDP:*:Enabled:League of Legends Launcher

"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher

"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher

"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby

"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby

"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client

"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"E:\Programme\ICQ7.4\ICQ.exe" = E:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)

"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe" = E:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"E:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = E:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\HP Software Update\HPWUCli.exe" = E:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"E:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = E:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"E:\Programme\Veetle\Player\VeetleNet.exe" = E:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\Programme\ICQ7.4\ICQ.exe" = E:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)

"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe" = E:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"E:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = E:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"E:\Programme\HP\HP Software Update\HPWUCli.exe" = E:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"E:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = E:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"E:\Riot Games\League of Legends\air\LolClient.exe" = E:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby

"E:\Riot Games\League of Legends\game\League of Legends.exe" = E:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client

"E:\Programme\Steam\Steam.exe" = E:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"E:\Programme\Winamp\winamp.exe" = E:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)

"E:\Riot Games\League of Legends\lol.launcher.exe" = E:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()

"E:\Programme\Logitech\Vid HD\Vid.exe" = E:\Programme\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)

"E:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = E:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader

"E:\Programme\World of Warcraft\Launcher.exe" = E:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher

"E:\Programme\World of Warcraft\Launcher.patch.exe" = E:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher

"E:\Programme\World of Warcraft\BackgroundDownloader.exe" = E:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader

"E:\Programme\StarCraft II\StarCraft II.exe" = E:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher

"E:\Programme\StarCraft II\Versions\Base19679\SC2.exe" = E:\Programme\StarCraft II\Versions\Base19679\SC2.exe:*:Enabled:StarCraft II

"E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"E:\Programme\Steam\steamapps\schalker265\counter-strike\hl.exe" = E:\Programme\Steam\steamapps\schalker265\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

"E:\Programme\Steam\steamapps\schalker265\counter-strike source\hl2.exe" = E:\Programme\Steam\steamapps\schalker265\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"E:\Programme\Veetle\Player\VeetleNet.exe" = E:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility

"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4561 Banner Remover 1.1

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in

"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE

"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 2

"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch

"{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD-Sicherheitsmodul

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"C-Media USB Sound" = SPEED-LINK Medusa 5.1 USB

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_1179FF31" = Soft Data Fax Modem with SmartCP

"ESET Online Scanner" = ESET Online Scanner v3

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility

"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility

"Logitech Vid" = Logitech Vid HD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)

"NCLauncher_GameForge" = NC Launcher (GameForge)

"NVIDIA Drivers" = NVIDIA Drivers

"PROSet" = Intel(R) PRO Network Connections Drivers

"Shop for HP Supplies" = Shop for HP Supplies

"Steam App 10" = Counter-Strike

"Steam App 240" = Counter-Strike: Source

"Steam App 30" = Day of Defeat

"SystemRequirementsLab" = System Requirements Lab

"Veetle TV" = Veetle TV

"VLC media player" = VLC media player 1.1.7

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Warcraft III" = Warcraft III: All Products

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 17.03.2012 12:57:49 | Computer Name = MAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee.

 

Error - 17.03.2012 13:00:03 | Computer Name = MAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee.

 

Error - 17.03.2012 13:05:23 | Computer Name = MAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee.

 

Error - 17.03.2012 13:37:56 | Computer Name = MAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee.

 

Error - 17.03.2012 13:42:06 | Computer Name = MAUS | Source = MsiInstaller | ID = 11706

Description = Produkt: AION Free-To-Play -- Fehler 1706. Für das Produkt AION Free-To-Play

 wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden

 Sie dabei eine gültige Kopie des Installationspakets "AION Free-To-Play.msi".

 

Error - 17.03.2012 13:44:40 | Computer Name = MAUS | Source = MsiInstaller | ID = 11706

Description = Produkt: AION Free-To-Play -- Fehler 1706. Für das Produkt AION Free-To-Play

 wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden

 Sie dabei eine gültige Kopie des Installationspakets "AION Free-To-Play.msi".

 

Error - 17.03.2012 21:18:22 | Computer Name = MAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee.

 

Error - 17.03.2012 21:20:18 | Computer Name = MAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee.

 

Error - 18.03.2012 09:23:16 | Computer Name = MAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee.

 

Error - 18.03.2012 09:54:57 | Computer Name = MAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes

 Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee.

 

[ System Events ]

Error - 25.03.2012 17:36:12 | Computer Name = MAUS | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   avgio  avipbb  Fips  intelppm  ssmdrv

 

Error - 25.03.2012 19:29:20 | Computer Name = MAUS | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 25.03.2012 19:29:33 | Computer Name = MAUS | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 25.03.2012 19:30:57 | Computer Name = MAUS | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 25.03.2012 19:44:19 | Computer Name = MAUS | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 26.03.2012 15:27:22 | Computer Name = MAUS | Source = Service Control Manager | ID = 7006

Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers

 fehlgeschlagen:   %%5

 

Error - 26.03.2012 15:27:22 | Computer Name = MAUS | Source = Service Control Manager | ID = 7006

Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers

 fehlgeschlagen:   %%5

 

Error - 26.03.2012 15:29:06 | Computer Name = MAUS | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 26.03.2012 15:30:19 | Computer Name = MAUS | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   avgio  avipbb  Fips  intelppm  ssmdrv

 

Error - 26.03.2012 15:31:53 | Computer Name = MAUS | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

 

< End of report >

Kann ich nun wieder alles machen wie gehabt? Ist Online Banking etc ohne probleme wieder möglich?

Zitat:

Kann ich nun wieder alles machen wie gehabt? Ist Online Banking etc ohne probleme wieder möglich?

Erstmal nicht! Wir haben hier analysemäßig gerade erst die Pberfläche angekratzt! 100% Sicherheit gibt es nicht, wenn du wirklich sicher banken willst schaust du dir mal so was wie Bankix an! Sicheres Online-Banking mit Bankix | c't

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"

FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - user.js - File not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKU\S-1-5-21-854245398-1897051121-725345543-1004..\Run: [SkypePM] E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.02.14 22:33:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

 All processes killed

========== OTL ==========

Prefs.js: "ICQ Search" removed from browser.search.defaultenginename

Prefs.js: "chrome://fastdial/content/fastdial.html" removed from browser.startup.homepage

Prefs.js: fastdial@telega.phpnet.us:3.4 removed from extensions.enabledItems

Prefs.js: smartwebprinting@hp.com:4.5 removed from extensions.enabledItems

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.

File move failed. E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_USERS\S-1-5-21-854245398-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

D:\autoexec.bat moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 47746106 bytes

->Flash cache emptied: 456 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Housemaus

->Temp folder emptied: 1791759619 bytes

->Temporary Internet Files folder emptied: 149627094 bytes

->Java cache emptied: 54950331 bytes

->FireFox cache emptied: 47469738 bytes

->Google Chrome cache emptied: 12883064 bytes

->Flash cache emptied: 3129 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 2317510 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 853855 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1158451 bytes

%systemroot%\System32 .tmp files removed: 2951 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5311939 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 2.016,00 mb

 

E:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 03272012_151949
 

Files\Folders moved on Reboot...

E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Code:

 16:52:24.0781 3512        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

16:52:24.0843 3512        ============================================================

16:52:24.0843 3512        Current date / time: 2012/03/27 16:52:24.0843

16:52:24.0843 3512        SystemInfo:

16:52:24.0843 3512        

16:52:24.0843 3512        OS Version: 5.1.2600 ServicePack: 3.0

16:52:24.0843 3512        Product type: Workstation

16:52:24.0843 3512        ComputerName: MAUS

16:52:24.0843 3512        UserName: Housemaus

16:52:24.0843 3512        Windows directory: E:\WINDOWS

16:52:24.0843 3512        System windows directory: E:\WINDOWS

16:52:24.0843 3512        Processor architecture: Intel x86

16:52:24.0843 3512        Number of processors: 2

16:52:24.0843 3512        Page size: 0x1000

16:52:24.0843 3512        Boot type: Normal boot

16:52:24.0843 3512        ============================================================

16:52:27.0484 3512        Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

16:52:27.0484 3512        \Device\Harddisk0\DR0:

16:52:27.0484 3512        MBR used

16:52:27.0484 3512        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

16:52:27.0484 3512        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE9C0000

16:52:27.0484 3512        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE9F2800, BlocksNum 0x8AAB800

16:52:27.0578 3512        Initialize success

16:52:27.0578 3512        ============================================================

16:53:42.0937 3560        ============================================================

16:53:42.0937 3560        Scan started

16:53:42.0937 3560        Mode: Manual; SigCheck; TDLFS; 

16:53:42.0937 3560        ============================================================

16:53:43.0484 3560        Abiosdsk - ok

16:53:43.0531 3560        abp480n5 - ok

16:53:43.0593 3560        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) E:\WINDOWS\system32\DRIVERS\ACPI.sys

16:53:45.0156 3560        ACPI - ok

16:53:45.0296 3560        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) E:\WINDOWS\system32\DRIVERS\ACPIEC.sys

16:53:45.0421 3560        ACPIEC - ok

16:53:45.0437 3560        adpu160m - ok

16:53:45.0484 3560        aec             (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

16:53:45.0593 3560        aec - ok

16:53:45.0656 3560        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) E:\WINDOWS\System32\drivers\afd.sys

16:53:45.0703 3560        AFD - ok

16:53:45.0718 3560        Aha154x - ok

16:53:45.0718 3560        aic78u2 - ok

16:53:45.0734 3560        aic78xx - ok

16:53:45.0765 3560        Alerter         (738d80cc01d7bc7584be917b7f544394) E:\WINDOWS\system32\alrsvc.dll

16:53:45.0906 3560        Alerter - ok

16:53:45.0937 3560        ALG             (190cd73d4984f94d823f9444980513e5) E:\WINDOWS\System32\alg.exe

16:53:46.0031 3560        ALG - ok

16:53:46.0125 3560        AliIde - ok

16:53:46.0171 3560        amsint - ok

16:53:46.0296 3560        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) E:\Programme\Avira\AntiVir Desktop\sched.exe

16:53:46.0312 3560        AntiVirSchedulerService - ok

16:53:46.0328 3560        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) E:\Programme\Avira\AntiVir Desktop\avguard.exe

16:53:46.0343 3560        AntiVirService - ok

16:53:46.0437 3560        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:53:46.0437 3560        Apple Mobile Device - ok

16:53:46.0453 3560        AppMgmt - ok

16:53:46.0500 3560        Arp1394         (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

16:53:46.0609 3560        Arp1394 - ok

16:53:46.0609 3560        asc - ok

16:53:46.0625 3560        asc3350p - ok

16:53:46.0625 3560        asc3550 - ok

16:53:46.0750 3560        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

16:53:46.0796 3560        aspnet_state - ok

16:53:46.0906 3560        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:53:46.0984 3560        AsyncMac - ok

16:53:47.0062 3560        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

16:53:47.0515 3560        atapi - ok

16:53:47.0562 3560        Atdisk - ok

16:53:47.0593 3560        Atmarpc         (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:53:47.0671 3560        Atmarpc - ok

16:53:47.0718 3560        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) E:\WINDOWS\System32\audiosrv.dll

16:53:47.0828 3560        AudioSrv - ok

16:53:47.0875 3560        audstub         (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

16:53:47.0968 3560        audstub - ok

16:53:48.0000 3560        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) E:\WINDOWS\system32\DRIVERS\avgntflt.sys

16:53:48.0031 3560        avgntflt - ok

16:53:48.0062 3560        avipbb          (13b02b9b969dde270cd7c351203dad3c) E:\WINDOWS\system32\DRIVERS\avipbb.sys

16:53:48.0062 3560        avipbb - ok

16:53:48.0093 3560        avkmgr          (271cfd1a989209b1964e24d969552bf7) E:\WINDOWS\system32\DRIVERS\avkmgr.sys

16:53:48.0093 3560        avkmgr - ok

16:53:48.0156 3560        Beep            (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

16:53:48.0265 3560        Beep - ok

16:53:48.0406 3560        BITS            (d6f603772a789bb3228f310d650b8bd1) E:\WINDOWS\system32\qmgr.dll

16:53:48.0546 3560        BITS - ok

16:53:48.0656 3560        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) E:\Programme\Bonjour\mDNSResponder.exe

16:53:48.0671 3560        Bonjour Service - ok

16:53:48.0765 3560        Browser         (b42057f06bbb98b31876c0b3f2b54e33) E:\WINDOWS\System32\browser.dll

16:53:48.0890 3560        Browser - ok

16:53:49.0000 3560        BthEnum         (b279426e3c0c344893ed78a613a73bde) E:\WINDOWS\system32\DRIVERS\BthEnum.sys

16:53:49.0109 3560        BthEnum - ok

16:53:49.0234 3560        BthPan          (80602b8746d3738f5886ce3d67ef06b6) E:\WINDOWS\system32\DRIVERS\bthpan.sys

16:53:49.0343 3560        BthPan - ok

16:53:49.0406 3560        BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) E:\WINDOWS\system32\Drivers\BTHport.sys

16:53:49.0453 3560        BTHPORT - ok

16:53:49.0531 3560        BthServ         (26c601ef7525e31379744abfc6f35a1b) E:\WINDOWS\System32\bthserv.dll

16:53:49.0625 3560        BthServ - ok

16:53:49.0687 3560        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) E:\WINDOWS\system32\Drivers\BTHUSB.sys

16:53:49.0796 3560        BTHUSB - ok

16:53:49.0828 3560        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

16:53:49.0906 3560        cbidf2k - ok

16:53:49.0953 3560        CCDECODE        (0be5aef125be881c4f854c554f2b025c) E:\WINDOWS\system32\DRIVERS\CCDECODE.sys

16:53:50.0046 3560        CCDECODE - ok

16:53:50.0046 3560        cd20xrnt - ok

16:53:50.0093 3560        Cdaudio         (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

16:53:50.0187 3560        Cdaudio - ok

16:53:50.0312 3560        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

16:53:50.0406 3560        Cdfs - ok

16:53:50.0468 3560        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

16:53:50.0562 3560        Cdrom - ok

16:53:50.0578 3560        Changer - ok

16:53:50.0625 3560        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) E:\WINDOWS\system32\cisvc.exe

16:53:50.0734 3560        CiSvc - ok

16:53:50.0796 3560        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) E:\WINDOWS\system32\clipsrv.exe

16:53:50.0890 3560        ClipSrv - ok

16:53:51.0031 3560        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:53:51.0140 3560        clr_optimization_v2.0.50727_32 - ok

16:53:51.0265 3560        CmBatt          (0f6c187d38d98f8df904589a5f94d411) E:\WINDOWS\system32\DRIVERS\CmBatt.sys

16:53:51.0359 3560        CmBatt - ok

16:53:51.0406 3560        CmdIde - ok

16:53:51.0562 3560        cmudau          (6567d62b2b9e30692da2cd64ab512c1f) E:\WINDOWS\system32\drivers\cmudau.sys

16:53:51.0687 3560        cmudau ( UnsignedFile.Multi.Generic ) - warning

16:53:51.0687 3560        cmudau - detected UnsignedFile.Multi.Generic (1)

16:53:51.0734 3560        Compbatt        (6e4c9f21f0fae8940661144f41b13203) E:\WINDOWS\system32\DRIVERS\compbatt.sys

16:53:51.0843 3560        Compbatt - ok

16:53:51.0843 3560        COMSysApp - ok

16:53:51.0859 3560        Cpqarray - ok

16:53:51.0906 3560        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) E:\WINDOWS\System32\cryptsvc.dll

16:53:52.0000 3560        CryptSvc - ok

16:53:52.0078 3560        dac2w2k - ok

16:53:52.0109 3560        dac960nt - ok

16:53:52.0171 3560        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) E:\WINDOWS\system32\rpcss.dll

16:53:52.0234 3560        DcomLaunch - ok

16:53:52.0281 3560        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) E:\WINDOWS\System32\dhcpcsvc.dll

16:53:52.0359 3560        Dhcp - ok

16:53:52.0390 3560        Disk            (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

16:53:52.0468 3560        Disk - ok

16:53:52.0484 3560        dmadmin - ok

16:53:52.0546 3560        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) E:\WINDOWS\system32\drivers\dmboot.sys

16:53:52.0734 3560        dmboot - ok

16:53:52.0843 3560        dmio            (53720ab12b48719d00e327da470a619a) E:\WINDOWS\system32\drivers\dmio.sys

16:53:52.0953 3560        dmio - ok

16:53:53.0078 3560        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

16:53:53.0187 3560        dmload - ok

16:53:53.0250 3560        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) E:\WINDOWS\System32\dmserver.dll

16:53:53.0359 3560        dmserver - ok

16:53:53.0406 3560        DMusic          (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

16:53:53.0515 3560        DMusic - ok

16:53:53.0562 3560        Dnscache        (407f3227ac618fd1ca54b335b083de07) E:\WINDOWS\System32\dnsrslvr.dll

16:53:53.0593 3560        Dnscache - ok

16:53:53.0656 3560        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) E:\WINDOWS\System32\dot3svc.dll

16:53:53.0750 3560        Dot3svc - ok

16:53:53.0765 3560        dpti2o - ok

16:53:53.0781 3560        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

16:53:53.0875 3560        drmkaud - ok

16:53:54.0109 3560        E100B           (5c940a174dfb2c42b9f6ba6edc2baa0b) E:\WINDOWS\system32\DRIVERS\e100b325.sys

16:53:54.0281 3560        E100B - ok

16:53:54.0390 3560        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) E:\WINDOWS\System32\eapsvc.dll

16:53:54.0484 3560        EapHost - ok

16:53:54.0531 3560        ERSvc           (877c18558d70587aa7823a1a308ac96b) E:\WINDOWS\System32\ersvc.dll

16:53:54.0640 3560        ERSvc - ok

16:53:54.0703 3560        Eventlog        (a3edbe9053889fb24ab22492472b39dc) E:\WINDOWS\system32\services.exe

16:53:54.0718 3560        Eventlog - ok

16:53:54.0812 3560        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) E:\WINDOWS\System32\es.dll

16:53:54.0843 3560        EventSystem - ok

16:53:54.0984 3560        Fastfat         (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

16:53:55.0062 3560        Fastfat - ok

16:53:55.0171 3560        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) E:\WINDOWS\System32\shsvcs.dll

16:53:55.0218 3560        FastUserSwitchingCompatibility - ok

16:53:55.0296 3560        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\drivers\Fdc.sys

16:53:55.0375 3560        Fdc - ok

16:53:55.0406 3560        Fips            (b0678a548587c5f1967b0d70bacad6c1) E:\WINDOWS\system32\drivers\Fips.sys

16:53:55.0484 3560        Fips - ok

16:53:55.0500 3560        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\drivers\Flpydisk.sys

16:53:55.0593 3560        Flpydisk - ok

16:53:55.0656 3560        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

16:53:55.0750 3560        FltMgr - ok

16:53:55.0890 3560        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

16:53:55.0890 3560        FontCache3.0.0.0 - ok

16:53:55.0921 3560        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

16:53:56.0031 3560        Fs_Rec - ok

16:53:56.0140 3560        Ftdisk          (8f1955ce42e1484714b542f341647778) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:53:56.0234 3560        Ftdisk - ok

16:53:56.0343 3560        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:53:56.0343 3560        GEARAspiWDM - ok

16:53:56.0468 3560        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

16:53:56.0546 3560        Gpc - ok

16:53:56.0640 3560        GPU-Z - ok

16:53:56.0734 3560        gupdate         (f02a533f517eb38333cb12a9e8963773) E:\Programme\Google\Update\GoogleUpdate.exe

16:53:56.0750 3560        gupdate - ok

16:53:56.0750 3560        gupdatem        (f02a533f517eb38333cb12a9e8963773) E:\Programme\Google\Update\GoogleUpdate.exe

16:53:56.0750 3560        gupdatem - ok

16:53:56.0968 3560        HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) E:\WINDOWS\system32\drivers\CHDAud.sys

16:53:57.0031 3560        HdAudAddService - ok

16:53:57.0156 3560        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

16:53:57.0250 3560        HDAudBus - ok

16:53:57.0296 3560        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

16:53:57.0390 3560        helpsvc - ok

16:53:57.0437 3560        HidServ         (b35da85e60c0103f2e4104532da2f12b) E:\WINDOWS\System32\hidserv.dll

16:53:57.0546 3560        HidServ - ok

16:53:57.0593 3560        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

16:53:57.0687 3560        HidUsb - ok

16:53:57.0796 3560        hkmsvc          (ed29f14101523a6e0e808107405d452c) E:\WINDOWS\System32\kmsvc.dll

16:53:57.0875 3560        hkmsvc - ok

16:53:57.0968 3560        hpn - ok

16:53:58.0125 3560        hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) E:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll

16:53:58.0156 3560        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

16:53:58.0156 3560        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

16:53:58.0171 3560        hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) E:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll

16:53:58.0187 3560        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

16:53:58.0187 3560        hpqddsvc - detected UnsignedFile.Multi.Generic (1)

16:53:58.0234 3560        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) E:\WINDOWS\system32\DRIVERS\HPZid412.sys

16:53:58.0406 3560        HPZid412 - ok

16:53:58.0515 3560        HPZipr12        (89f41658929393487b6b7d13c8528ce3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys

16:53:58.0546 3560        HPZipr12 - ok

16:53:58.0546 3560        HPZius12        (abcb05ccdbf03000354b9553820e39f8) E:\WINDOWS\system32\DRIVERS\HPZius12.sys

16:53:58.0593 3560        HPZius12 - ok

16:53:58.0671 3560        HSFHWAZL        (6a5c4732d6803f84e2987edd8e4359ce) E:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

16:53:58.0718 3560        HSFHWAZL - ok

16:53:58.0796 3560        HSF_DPV         (21c31273c6cc4826e74be8ae3b09d4a8) E:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

16:53:58.0906 3560        HSF_DPV - ok

16:53:58.0968 3560        HTTP            (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

16:53:59.0000 3560        HTTP - ok

16:53:59.0046 3560        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) E:\WINDOWS\System32\w3ssl.dll

16:53:59.0140 3560        HTTPFilter - ok

16:53:59.0250 3560        i2omgmt - ok

16:53:59.0250 3560        i2omp - ok

16:53:59.0312 3560        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:53:59.0406 3560        i8042prt - ok

16:53:59.0515 3560        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

16:53:59.0531 3560        IDriverT ( UnsignedFile.Multi.Generic ) - warning

16:53:59.0531 3560        IDriverT - detected UnsignedFile.Multi.Generic (1)

16:53:59.0718 3560        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

16:53:59.0796 3560        idsvc - ok

16:54:00.0015 3560        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

16:54:00.0109 3560        Imapi - ok

16:54:00.0203 3560        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) E:\WINDOWS\System32\imapi.exe

16:54:00.0296 3560        ImapiService - ok

16:54:00.0343 3560        ini910u - ok

16:54:00.0390 3560        IntelIde - ok

16:54:00.0453 3560        intelppm        (4c7d2750158ed6e7ad642d97bffae351) E:\WINDOWS\system32\DRIVERS\intelppm.sys

16:54:00.0546 3560        intelppm - ok

16:54:00.0609 3560        ip6fw           (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

16:54:00.0718 3560        ip6fw - ok

16:54:00.0859 3560        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:54:00.0953 3560        IpFilterDriver - ok

16:54:01.0046 3560        IpInIp          (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

16:54:01.0140 3560        IpInIp - ok

16:54:01.0203 3560        IpNat           (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

16:54:01.0296 3560        IpNat - ok

16:54:01.0421 3560        iPod Service    (ca1972397b845b2f53f5dc63c22fd98a) E:\Programme\iPod\bin\iPodService.exe

16:54:01.0484 3560        iPod Service - ok

16:54:01.0546 3560        IPSec           (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

16:54:01.0625 3560        IPSec - ok

16:54:01.0656 3560        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

16:54:01.0765 3560        IRENUM - ok

16:54:01.0859 3560        isapnp          (6dfb88f64135c525433e87648bda30de) E:\WINDOWS\system32\DRIVERS\isapnp.sys

16:54:01.0953 3560        isapnp - ok

16:54:02.0046 3560        JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) E:\Programme\Java\jre6\bin\jqs.exe

16:54:02.0062 3560        JavaQuickStarterService - ok

16:54:02.0156 3560        Kbdclass        (1704d8c4c8807b889e43c649b478a452) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:54:02.0250 3560        Kbdclass - ok

16:54:02.0343 3560        kbdhid          (b6d6c117d771c98130497265f26d1882) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:54:02.0437 3560        kbdhid - ok

16:54:02.0546 3560        kmixer          (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

16:54:02.0640 3560        kmixer - ok

16:54:02.0765 3560        KSecDD          (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

16:54:02.0859 3560        KSecDD - ok

16:54:02.0906 3560        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) E:\WINDOWS\System32\srvsvc.dll

16:54:02.0953 3560        lanmanserver - ok

16:54:03.0015 3560        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) E:\WINDOWS\System32\wkssvc.dll

16:54:03.0078 3560        lanmanworkstation - ok

16:54:03.0093 3560        lbrtfdc - ok

16:54:03.0125 3560        LmHosts         (636714b7d43c8d0c80449123fd266920) E:\WINDOWS\System32\lmhsvc.dll

16:54:03.0234 3560        LmHosts - ok

16:54:03.0281 3560        LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) E:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

16:54:03.0281 3560        LVPr2Mon - ok

16:54:03.0406 3560        LVPrcSrv        (0ddfdcaa92c7f553328db06ba599bea9) E:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

16:54:03.0406 3560        LVPrcSrv - ok

16:54:03.0546 3560        mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) E:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

16:54:03.0562 3560        mdmxsdk - ok

16:54:03.0578 3560        Messenger       (b7550a7107281d170ce85524b1488c98) E:\WINDOWS\System32\msgsvc.dll

16:54:03.0687 3560        Messenger - ok

16:54:03.0734 3560        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

16:54:03.0828 3560        mnmdd - ok

16:54:03.0937 3560        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) E:\WINDOWS\System32\mnmsrvc.exe

16:54:04.0015 3560        mnmsrvc - ok

16:54:04.0078 3560        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) E:\WINDOWS\system32\drivers\Modem.sys

16:54:04.0156 3560        Modem - ok

16:54:04.0187 3560        Mouclass        (b24ce8005deab254c0251e15cb71d802) E:\WINDOWS\system32\DRIVERS\mouclass.sys

16:54:04.0265 3560        Mouclass - ok

16:54:04.0312 3560        mouhid          (66a6f73c74e1791464160a7065ce711a) E:\WINDOWS\system32\DRIVERS\mouhid.sys

16:54:04.0406 3560        mouhid - ok

16:54:04.0437 3560        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

16:54:04.0531 3560        MountMgr - ok

16:54:04.0546 3560        mraid35x - ok

16:54:04.0562 3560        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:54:04.0656 3560        MRxDAV - ok

16:54:04.0734 3560        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:54:04.0765 3560        MRxSmb - ok

16:54:04.0890 3560        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) E:\WINDOWS\System32\msdtc.exe

16:54:04.0984 3560        MSDTC - ok

16:54:05.0046 3560        Msfs            (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

16:54:05.0140 3560        Msfs - ok

16:54:05.0156 3560        MSIServer - ok

16:54:05.0187 3560        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

16:54:05.0281 3560        MSKSSRV - ok

16:54:05.0328 3560        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:54:05.0421 3560        MSPCLOCK - ok

16:54:05.0453 3560        MSPQM           (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

16:54:05.0531 3560        MSPQM - ok

16:54:05.0562 3560        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:54:05.0656 3560        mssmbios - ok

16:54:05.0750 3560        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) E:\WINDOWS\system32\drivers\MSTEE.sys

16:54:05.0875 3560        MSTEE - ok

16:54:06.0000 3560        Mup             (de6a75f5c270e756c5508d94b6cf68f5) E:\WINDOWS\system32\drivers\Mup.sys

16:54:06.0031 3560        Mup - ok

16:54:06.0140 3560        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

16:54:06.0250 3560        NABTSFEC - ok

16:54:06.0343 3560        napagent        (46bb15ae2ac7d025d6d2567b876817bd) E:\WINDOWS\System32\qagentrt.dll

16:54:06.0453 3560        napagent - ok

16:54:06.0515 3560        NDIS            (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

16:54:06.0625 3560        NDIS - ok

16:54:06.0718 3560        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) E:\WINDOWS\system32\DRIVERS\NdisIP.sys

16:54:06.0812 3560        NdisIP - ok

16:54:06.0843 3560        NdisTapi        (0109c4f3850dfbab279542515386ae22) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:54:06.0875 3560        NdisTapi - ok

16:54:06.0906 3560        Ndisuio         (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:54:07.0000 3560        Ndisuio - ok

16:54:07.0046 3560        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:54:07.0156 3560        NdisWan - ok

16:54:07.0218 3560        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys

16:54:07.0250 3560        NDProxy - ok

16:54:07.0359 3560        Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) E:\WINDOWS\system32\HPZinw12.dll

16:54:07.0375 3560        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

16:54:07.0375 3560        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

16:54:07.0484 3560        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

16:54:07.0578 3560        NetBIOS - ok

16:54:07.0656 3560        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

16:54:07.0734 3560        NetBT - ok

16:54:07.0828 3560        NetDDE          (8ace4251bffd09ce75679fe940e996cc) E:\WINDOWS\system32\netdde.exe

16:54:07.0921 3560        NetDDE - ok

16:54:07.0953 3560        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) E:\WINDOWS\system32\netdde.exe

16:54:08.0031 3560        NetDDEdsdm - ok

16:54:08.0140 3560        Netlogon        (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\System32\lsass.exe

16:54:08.0234 3560        Netlogon - ok

16:54:08.0281 3560        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) E:\WINDOWS\System32\netman.dll

16:54:08.0375 3560        Netman - ok

16:54:08.0500 3560        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:54:08.0515 3560        NetTcpPortSharing - ok

16:54:08.0968 3560        NETwLx32        (72062b53186e4a3f5fcbc41ebb62b905) E:\WINDOWS\system32\DRIVERS\NETwLx32.sys

16:54:09.0671 3560        NETwLx32 - ok

16:54:09.0812 3560        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

16:54:09.0906 3560        NIC1394 - ok

16:54:10.0187 3560        Nla             (f1b67b6b0751ae0e6e964b02821206a3) E:\WINDOWS\System32\mswsock.dll

16:54:10.0234 3560        Nla - ok

16:54:10.0250 3560        Npfs            (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

16:54:10.0328 3560        Npfs - ok

16:54:10.0390 3560        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

16:54:10.0500 3560        Ntfs - ok

16:54:10.0546 3560        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\System32\lsass.exe

16:54:10.0625 3560        NtLmSsp - ok

16:54:10.0687 3560        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) E:\WINDOWS\system32\ntmssvc.dll

16:54:10.0812 3560        NtmsSvc - ok

16:54:10.0953 3560        Null            (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

16:54:11.0046 3560        Null - ok

16:54:11.0531 3560        nv              (d42fb8615e810901779294f5627364fe) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys

16:54:12.0265 3560        nv - ok

16:54:12.0343 3560        NVSvc           (755d3a2de4b05024f90430fe32ff26a5) E:\WINDOWS\system32\nvsvc32.exe

16:54:12.0359 3560        NVSvc - ok

16:54:12.0406 3560        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:54:12.0515 3560        NwlnkFlt - ok

16:54:12.0546 3560        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:54:12.0656 3560        NwlnkFwd - ok

16:54:12.0718 3560        ohci1394        (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:54:12.0812 3560        ohci1394 - ok

16:54:12.0937 3560        Parport         (f84785660305b9b903fb3bca8ba29837) E:\WINDOWS\system32\drivers\Parport.sys

16:54:13.0031 3560        Parport - ok

16:54:13.0078 3560        PartMgr         (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

16:54:13.0156 3560        PartMgr - ok

16:54:13.0234 3560        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) E:\WINDOWS\system32\drivers\ParVdm.sys

16:54:13.0343 3560        ParVdm - ok

16:54:13.0359 3560        PCI             (387e8dedc343aa2d1efbc30580273acd) E:\WINDOWS\system32\DRIVERS\pci.sys

16:54:13.0453 3560        PCI - ok

16:54:13.0468 3560        PCIDump - ok

16:54:13.0500 3560        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) E:\WINDOWS\system32\DRIVERS\pciide.sys

16:54:13.0609 3560        PCIIde - ok

16:54:13.0640 3560        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) E:\WINDOWS\system32\DRIVERS\pcmcia.sys

16:54:13.0750 3560        Pcmcia - ok

16:54:13.0750 3560        PDCOMP - ok

16:54:13.0765 3560        PDFRAME - ok

16:54:13.0765 3560        PDRELI - ok

16:54:13.0781 3560        PDRFRAME - ok

16:54:13.0796 3560        perc2 - ok

16:54:13.0796 3560        perc2hib - ok

16:54:13.0984 3560        PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) E:\WINDOWS\system32\DRIVERS\LV302V32.SYS

16:54:14.0250 3560        PID_PEPI - ok

16:54:14.0375 3560        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) E:\WINDOWS\system32\services.exe

16:54:14.0406 3560        PlugPlay - ok

16:54:14.0500 3560        Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) E:\WINDOWS\system32\HPZipm12.dll

16:54:14.0515 3560        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

16:54:14.0515 3560        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

16:54:14.0578 3560        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\System32\lsass.exe

16:54:14.0656 3560        PolicyAgent - ok

16:54:14.0687 3560        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

16:54:14.0781 3560        PptpMiniport - ok

16:54:14.0828 3560        Processor       (2cb55427c58679f49ad600fccba76360) E:\WINDOWS\system32\DRIVERS\processr.sys

16:54:14.0906 3560        Processor - ok

16:54:14.0921 3560        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\system32\lsass.exe

16:54:15.0000 3560        ProtectedStorage - ok

16:54:15.0000 3560        PSched          (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

16:54:15.0109 3560        PSched - ok

16:54:15.0140 3560        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

16:54:15.0250 3560        Ptilink - ok

16:54:15.0312 3560        PxHelp20        (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

16:54:15.0312 3560        PxHelp20 - ok

16:54:15.0328 3560        ql1080 - ok

16:54:15.0328 3560        Ql10wnt - ok

16:54:15.0343 3560        ql12160 - ok

16:54:15.0359 3560        ql1240 - ok

16:54:15.0359 3560        ql1280 - ok

16:54:15.0375 3560        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

16:54:15.0484 3560        RasAcd - ok

16:54:15.0515 3560        RasAuto         (f5ba6caccdb66c8f048e867563203246) E:\WINDOWS\System32\rasauto.dll

16:54:15.0625 3560        RasAuto - ok

16:54:15.0718 3560        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:54:15.0812 3560        Rasl2tp - ok

16:54:15.0921 3560        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) E:\WINDOWS\System32\rasmans.dll

16:54:16.0015 3560        RasMan - ok

16:54:16.0078 3560        RasPppoe        (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:54:16.0156 3560        RasPppoe - ok

16:54:16.0171 3560        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

16:54:16.0265 3560        Raspti - ok

16:54:16.0296 3560        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

16:54:16.0375 3560        Rdbss - ok

16:54:16.0406 3560        RDPCDD          (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:54:16.0515 3560        RDPCDD - ok

16:54:16.0578 3560        RDPWD           (5b3055daa788bd688594d2f5981f2a83) E:\WINDOWS\system32\drivers\RDPWD.sys

16:54:16.0593 3560        RDPWD - ok

16:54:16.0625 3560        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) E:\WINDOWS\system32\sessmgr.exe

16:54:16.0718 3560        RDSessMgr - ok

16:54:16.0750 3560        redbook         (ed761d453856f795a7fe056e42c36365) E:\WINDOWS\system32\DRIVERS\redbook.sys

16:54:16.0859 3560        redbook - ok

16:54:16.0968 3560        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) E:\WINDOWS\System32\mprdim.dll

16:54:17.0078 3560        RemoteAccess - ok

16:54:17.0156 3560        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) E:\WINDOWS\system32\DRIVERS\rfcomm.sys

16:54:17.0234 3560        RFCOMM - ok

16:54:17.0250 3560        RpcLocator      (2a02e21867497df20b8fc95631395169) E:\WINDOWS\System32\locator.exe

16:54:17.0343 3560        RpcLocator - ok

16:54:17.0421 3560        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) E:\WINDOWS\system32\rpcss.dll

16:54:17.0453 3560        RpcSs - ok

16:54:17.0515 3560        RSVP            (4bdd71b4b521521499dfd14735c4f398) E:\WINDOWS\System32\rsvp.exe

16:54:17.0625 3560        RSVP - ok

16:54:17.0656 3560        SamSs           (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\system32\lsass.exe

16:54:17.0734 3560        SamSs - ok

16:54:17.0765 3560        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) E:\WINDOWS\System32\SCardSvr.exe

16:54:17.0890 3560        SCardSvr - ok

16:54:17.0953 3560        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) E:\WINDOWS\system32\schedsvc.dll

16:54:18.0046 3560        Schedule - ok

16:54:18.0140 3560        sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) E:\WINDOWS\system32\DRIVERS\sdbus.sys

16:54:18.0234 3560        sdbus - ok

16:54:18.0312 3560        Secdrv          (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

16:54:18.0390 3560        Secdrv - ok

16:54:18.0421 3560        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) E:\WINDOWS\System32\seclogon.dll

16:54:18.0531 3560        seclogon - ok

16:54:18.0531 3560        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) E:\WINDOWS\system32\sens.dll

16:54:18.0625 3560        SENS - ok

16:54:18.0671 3560        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) E:\WINDOWS\system32\drivers\Serial.sys

16:54:18.0765 3560        Serial - ok

16:54:18.0812 3560        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

16:54:18.0906 3560        Sfloppy - ok

16:54:18.0968 3560        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) E:\WINDOWS\System32\ipnathlp.dll

16:54:19.0078 3560        SharedAccess - ok

16:54:19.0125 3560        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) E:\WINDOWS\System32\shsvcs.dll

16:54:19.0156 3560        ShellHWDetection - ok

16:54:19.0171 3560        Simbad - ok

16:54:19.0218 3560        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) E:\WINDOWS\system32\DRIVERS\SLIP.sys

16:54:19.0312 3560        SLIP - ok

16:54:19.0390 3560        Sparrow - ok

16:54:19.0484 3560        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

16:54:19.0593 3560        splitter - ok

16:54:19.0671 3560        Spooler         (60784f891563fb1b767f70117fc2428f) E:\WINDOWS\system32\spoolsv.exe

16:54:19.0718 3560        Spooler - ok

16:54:19.0781 3560        sr              (50fa898f8c032796d3b1b9951bb5a90f) E:\WINDOWS\system32\DRIVERS\sr.sys

16:54:19.0859 3560        sr - ok

16:54:19.0906 3560        srservice       (fe77a85495065f3ad59c5c65b6c54182) E:\WINDOWS\System32\srsvc.dll

16:54:20.0000 3560        srservice - ok

16:54:20.0062 3560        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys

16:54:20.0109 3560        Srv - ok

16:54:20.0218 3560        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) E:\WINDOWS\System32\ssdpsrv.dll

16:54:20.0312 3560        SSDPSRV - ok

16:54:20.0406 3560        ssmdrv          (a36ee93698802cd899f98bfd553d8185) E:\WINDOWS\system32\DRIVERS\ssmdrv.sys

16:54:20.0406 3560        ssmdrv - ok

16:54:20.0484 3560        stisvc          (bc2c5985611c5356b24aeb370953ded9) E:\WINDOWS\system32\wiaservc.dll

16:54:20.0578 3560        stisvc - ok

16:54:20.0625 3560        streamip        (77813007ba6265c4b6098187e6ed79d2) E:\WINDOWS\system32\DRIVERS\StreamIP.sys

16:54:20.0718 3560        streamip - ok

16:54:20.0781 3560        swenum          (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

16:54:20.0875 3560        swenum - ok

16:54:20.0921 3560        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

16:54:21.0000 3560        swmidi - ok

16:54:21.0015 3560        SwPrv - ok

16:54:21.0015 3560        symc810 - ok

16:54:21.0031 3560        symc8xx - ok

16:54:21.0046 3560        sym_hi - ok

16:54:21.0046 3560        sym_u3 - ok

16:54:21.0078 3560        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

16:54:21.0156 3560        sysaudio - ok

16:54:21.0218 3560        SysmonLog       (2903fffa2523926d6219428040dce6b9) E:\WINDOWS\system32\smlogsvc.exe

16:54:21.0312 3560        SysmonLog - ok

16:54:21.0437 3560        TapiSrv         (05903cac4b98908d55ea5774775b382e) E:\WINDOWS\System32\tapisrv.dll

16:54:21.0531 3560        TapiSrv - ok

16:54:21.0640 3560        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

16:54:21.0671 3560        Tcpip - ok

16:54:21.0703 3560        TDPIPE          (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

16:54:21.0812 3560        TDPIPE - ok

16:54:21.0828 3560        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

16:54:21.0921 3560        TDTCP - ok

16:54:21.0937 3560        TermDD          (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

16:54:22.0046 3560        TermDD - ok

16:54:22.0078 3560        TermService     (b7de02c863d8f5a005a7bf375375a6a4) E:\WINDOWS\System32\termsrv.dll

16:54:22.0187 3560        TermService - ok

16:54:22.0250 3560        Themes          (2db7d303c36ddd055215052f118e8e75) E:\WINDOWS\System32\shsvcs.dll

16:54:22.0250 3560        Themes - ok

16:54:22.0328 3560        tifm21          (244cfbffdefb77f3df571a8cd108fc06) E:\WINDOWS\system32\drivers\tifm21.sys

16:54:22.0359 3560        tifm21 - ok

16:54:22.0437 3560        TosIde - ok

16:54:22.0500 3560        tosrfec         (cc42fdbe9760ca1639e23158ab995f98) E:\WINDOWS\system32\DRIVERS\tosrfec.sys

16:54:22.0500 3560        tosrfec ( UnsignedFile.Multi.Generic ) - warning

16:54:22.0500 3560        tosrfec - detected UnsignedFile.Multi.Generic (1)

16:54:22.0593 3560        TrkWks          (626504572b175867f30f3215c04b3e2f) E:\WINDOWS\system32\trkwks.dll

16:54:22.0687 3560        TrkWks - ok

16:54:22.0781 3560        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

16:54:22.0906 3560        Udfs - ok

16:54:22.0937 3560        UIUSys          (0f90d3118d081a5c7780b2879e87a604) E:\WINDOWS\system32\DRIVERS\UIUSYS.SYS

16:54:22.0953 3560        UIUSys ( UnsignedFile.Multi.Generic ) - warning

16:54:22.0953 3560        UIUSys - detected UnsignedFile.Multi.Generic (1)

16:54:22.0968 3560        ultra - ok

16:54:23.0015 3560        UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) E:\WINDOWS\system32\wdfmgr.exe

16:54:23.0062 3560        UMWdf - ok

16:54:23.0109 3560        Update          (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

16:54:23.0218 3560        Update - ok

16:54:23.0343 3560        upnphost        (1dfd8975d8c89214b98d9387c1125b49) E:\WINDOWS\System32\upnphost.dll

16:54:23.0453 3560        upnphost - ok

16:54:23.0546 3560        UPS             (9b11e6118958e63e1fef129466e2bda7) E:\WINDOWS\System32\ups.exe

16:54:23.0640 3560        UPS - ok

16:54:23.0734 3560        USBAAPL         (83cafcb53201bbac04d822f32438e244) E:\WINDOWS\system32\Drivers\usbaapl.sys

16:54:23.0796 3560        USBAAPL - ok

16:54:23.0921 3560        usbaudio        (e919708db44ed8543a7c017953148330) E:\WINDOWS\system32\drivers\usbaudio.sys

16:54:24.0015 3560        usbaudio - ok

16:54:24.0125 3560        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:54:24.0218 3560        usbccgp - ok

16:54:24.0281 3560        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

16:54:24.0375 3560        usbehci - ok

16:54:24.0500 3560        usbhub          (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

16:54:24.0593 3560        usbhub - ok

16:54:24.0625 3560        usbprint        (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys

16:54:24.0718 3560        usbprint - ok

16:54:24.0765 3560        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys

16:54:24.0875 3560        usbscan - ok

16:54:24.0968 3560        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:54:25.0062 3560        USBSTOR - ok

16:54:25.0125 3560        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:54:25.0218 3560        usbuhci - ok

16:54:25.0234 3560        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

16:54:25.0312 3560        VgaSave - ok

16:54:25.0328 3560        ViaIde - ok

16:54:25.0375 3560        VolSnap         (a5a712f4e880874a477af790b5186e1d) E:\WINDOWS\system32\drivers\VolSnap.sys

16:54:25.0468 3560        VolSnap - ok

16:54:25.0625 3560        VSS             (68f106273be29e7b7ef8266977268e78) E:\WINDOWS\System32\vssvc.exe

16:54:25.0718 3560        VSS - ok

16:54:25.0781 3560        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) E:\WINDOWS\System32\w32time.dll

16:54:25.0859 3560        W32Time - ok

16:54:25.0875 3560        Wanarp          (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

16:54:25.0968 3560        Wanarp - ok

16:54:25.0984 3560        WDICA - ok

16:54:26.0046 3560        wdmaud          (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

16:54:26.0140 3560        wdmaud - ok

16:54:26.0171 3560        WebClient       (81727c9873e3905a2ffc1ebd07265002) E:\WINDOWS\System32\webclnt.dll

16:54:26.0250 3560        WebClient - ok

16:54:26.0359 3560        winachsf        (307d248f97835b6879bdd361086924fe) E:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

16:54:26.0437 3560        winachsf - ok

16:54:26.0562 3560        winmgmt         (6f3f3973d97714cc5f906a19fe883729) E:\WINDOWS\system32\wbem\WMIsvc.dll

16:54:26.0656 3560        winmgmt - ok

16:54:26.0781 3560        WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) E:\WINDOWS\system32\MsPMSNSv.dll

16:54:26.0859 3560        WmdmPmSN - ok

16:54:26.0906 3560        WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

16:54:26.0984 3560        WmiAcpi - ok

16:54:27.0046 3560        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) E:\WINDOWS\System32\wbem\wmiapsrv.exe

16:54:27.0140 3560        WmiApSrv - ok

16:54:27.0203 3560        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) E:\WINDOWS\system32\wscsvc.dll

16:54:27.0296 3560        wscsvc - ok

16:54:27.0328 3560        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

16:54:27.0437 3560        WSTCODEC - ok

16:54:27.0484 3560        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) E:\WINDOWS\system32\wuauserv.dll

16:54:27.0640 3560        wuauserv - ok

16:54:27.0781 3560        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) E:\WINDOWS\System32\wzcsvc.dll

16:54:27.0890 3560        WZCSVC - ok

16:54:27.0953 3560        xmlprov         (0ada34871a2e1cd2caafed1237a47750) E:\WINDOWS\System32\xmlprov.dll

16:54:28.0093 3560        xmlprov - ok

16:54:28.0125 3560        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

16:54:28.0453 3560        \Device\Harddisk0\DR0 - ok

16:54:28.0453 3560        Boot (0x1200)   (b1d4a029eeaf372def580d6fe4053304) \Device\Harddisk0\DR0\Partition0

16:54:28.0453 3560        \Device\Harddisk0\DR0\Partition0 - ok

16:54:28.0484 3560        Boot (0x1200)   (fa7f1fbb267de3e0ec00bede3d307c68) \Device\Harddisk0\DR0\Partition1

16:54:28.0484 3560        \Device\Harddisk0\DR0\Partition1 - ok

16:54:28.0500 3560        Boot (0x1200)   (8ccead1c397e96bb542788c54ac50910) \Device\Harddisk0\DR0\Partition2

16:54:28.0500 3560        \Device\Harddisk0\DR0\Partition2 - ok

16:54:28.0500 3560        ============================================================

16:54:28.0500 3560        Scan finished

16:54:28.0500 3560        ============================================================

16:54:28.0640 1876        Detected object count: 8

16:54:28.0640 1876        Actual detected object count: 8

16:58:30.0890 1876        cmudau ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:30.0890 1876        cmudau ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:58:30.0890 1876        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:30.0890 1876        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:58:30.0890 1876        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:30.0890 1876        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:58:30.0890 1876        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:30.0890 1876        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:58:30.0906 1876        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:30.0906 1876        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:58:30.0906 1876        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:30.0906 1876        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:58:30.0906 1876        tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:30.0906 1876        tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:58:30.0906 1876        UIUSys ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:30.0906 1876        UIUSys ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-03-27.03 - Housemaus 28.03.2012   0:08.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2046.1376 [GMT 2:00]

ausgeführt von:: e:\dokumente und einstellungen\Housemaus\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

D:\install.exe

e:\windows\EventSystem.log

e:\windows\IsUn0407.exe

e:\windows\system32\dllcache\dlimport.exe

e:\windows\system32\dllcache\wmpvis.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))

.

.

2012-03-27 13:19 . 2012-03-27 13:19        --------        d-----w-        E:\_OTL

2012-03-26 23:40 . 2012-03-26 23:40        --------        d-----w-        e:\dokumente und einstellungen\Housemaus\Anwendungsdaten\Avira

2012-03-26 23:37 . 2012-01-31 06:56        74640        ----a-w-        e:\windows\system32\drivers\avgntflt.sys

2012-03-26 23:37 . 2012-01-31 06:56        137416        ----a-w-        e:\windows\system32\drivers\avipbb.sys

2012-03-26 23:37 . 2011-09-16 14:08        36000        ----a-w-        e:\windows\system32\drivers\avkmgr.sys

2012-03-26 23:37 . 2012-03-26 23:37        --------        d-----w-        e:\programme\Avira

2012-03-26 23:37 . 2012-03-26 23:37        --------        d-----w-        e:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira

2012-03-25 20:34 . 2012-03-25 20:34        --------        d-----w-        e:\programme\ESET

2012-03-25 18:47 . 2012-03-25 18:47        --------        d-----w-        e:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2012-03-25 18:47 . 2011-12-10 13:24        20464        ----a-w-        e:\windows\system32\drivers\mbam.sys

2012-03-25 18:47 . 2012-03-25 18:47        --------        d-----w-        e:\programme\Malwarebytes' Anti-Malware

2012-03-25 16:43 . 2012-03-25 18:45        --------        d-----w-        e:\dokumente und einstellungen\Administrator

2012-03-17 17:54 . 2012-03-17 17:54        --------        d-----w-        e:\programme\Gameforge

2012-03-17 16:44 . 2012-03-17 16:44        --------        d-----w-        e:\windows\system32\XPSViewer

2012-03-17 16:44 . 2012-03-17 16:44        --------        d-----w-        e:\programme\MSBuild

2012-03-17 16:44 . 2012-03-17 16:44        --------        d-----w-        e:\programme\Reference Assemblies

2012-03-17 16:44 . 2008-07-06 12:06        89088        ----a-w-        e:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-03-17 16:43 . 2008-07-06 12:06        117760        ------w-        e:\windows\system32\prntvpt.dll

2012-03-17 16:43 . 2008-07-06 12:06        89088        -c----w-        e:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-03-17 16:43 . 2008-07-06 12:06        575488        -c----w-        e:\windows\system32\dllcache\xpsshhdr.dll

2012-03-17 16:43 . 2008-07-06 12:06        575488        ------w-        e:\windows\system32\xpsshhdr.dll

2012-03-17 16:43 . 2008-07-06 10:50        597504        -c----w-        e:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-03-17 16:43 . 2008-07-06 10:50        597504        ------w-        e:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-03-17 16:43 . 2008-07-06 12:06        1676288        -c----w-        e:\windows\system32\dllcache\xpssvcs.dll

2012-03-17 16:43 . 2008-07-06 12:06        1676288        ------w-        e:\windows\system32\xpssvcs.dll

2012-03-16 21:26 . 2007-03-15 15:57        443752        ----a-w-        e:\windows\system32\d3dx10_33.dll

2012-03-16 20:21 . 2012-03-16 20:21        592824        ----a-w-        e:\programme\Mozilla Firefox\gkmedias.dll

2012-03-16 20:21 . 2012-03-16 20:21        44472        ----a-w-        e:\programme\Mozilla Firefox\mozglue.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:57 . 2003-04-02 12:00        1860224        ----a-w-        e:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-16 18:49        3072        ------w-        e:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2011-02-21 00:43        139784        ----a-w-        e:\windows\system32\drivers\rdpwd.sys

2012-03-16 20:21 . 2012-02-12 23:31        97208        ----a-w-        e:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]

"HP Software Update"="e:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"nwiz"="nwiz.exe" [2009-01-30 1657376]

"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-01-30 13594624]

"Adobe ARM"="e:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="e:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

e:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

HP Digital Imaging Monitor.lnk - e:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKLM\~\startupfolder\E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Monitor.lnk]

path=e:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Monitor.lnk

backup=e:\windows\pss\Bluetooth Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\E:^Dokumente und Einstellungen^Housemaus^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk]

path=e:\dokumente und einstellungen\Housemaus\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk

backup=e:\windows\pss\Logitech . Produktregistrierung.lnkStartup

.

[HKLM\~\startupfolder\E:^Dokumente und Einstellungen^Housemaus^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk]

path=e:\dokumente und einstellungen\Housemaus\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk

backup=e:\windows\pss\OpenOffice.org 3.3.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2011-02-21 03:23        119608        ----a-w-        e:\programme\ICQ7.4\ICQ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-11-12 23:24        421736        ----a-w-        e:\programme\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 11:36        2793304        ----a-w-        e:\programme\Logitech\Logitech WebCam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 06:52        1695232        ------w-        e:\programme\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12        3872080        ----a-w-        e:\programme\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-09-26 07:49        17353352        ----a-r-        e:\programme\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-26 23:37        1242448        ----a-w-        e:\programme\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 13:49        249064        ----a-w-        e:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Programme\\ICQ7.4\\ICQ.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"e:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=

"e:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"e:\\Programme\\Steam\\Steam.exe"=

"e:\\Programme\\Winamp\\winamp.exe"=

"e:\\Riot Games\\League of Legends\\lol.launcher.exe"=

"e:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"e:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"e:\\Programme\\Logitech\\Vid HD\\Vid.exe"=

"e:\\Programme\\Skype\\Phone\\Skype.exe"=

"e:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"e:\\Programme\\Bonjour\\mDNSResponder.exe"=

"e:\\Programme\\iTunes\\iTunes.exe"=

"e:\\Programme\\Steam\\steamapps\\schalker265\\counter-strike\\hl.exe"=

"e:\\Programme\\Steam\\steamapps\\schalker265\\counter-strike source\\hl2.exe"=

"e:\\Programme\\Veetle\\Player\\VeetleNet.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8396:TCP"= 8396:TCP:League of Legends Launcher

"8396:UDP"= 8396:UDP:League of Legends Launcher

"6885:TCP"= 6885:TCP:League of Legends Launcher

"6885:UDP"= 6885:UDP:League of Legends Launcher

"6933:TCP"= 6933:TCP:League of Legends Launcher

"6933:UDP"= 6933:UDP:League of Legends Launcher

"6931:TCP"= 6931:TCP:League of Legends Launcher

"6931:UDP"= 6931:UDP:League of Legends Launcher

"6975:TCP"= 6975:TCP:League of Legends Launcher

"6975:UDP"= 6975:UDP:League of Legends Launcher

"6977:TCP"= 6977:TCP:League of Legends Launcher

"6977:UDP"= 6977:UDP:League of Legends Launcher

"6986:TCP"= 6986:TCP:League of Legends Launcher

"6986:UDP"= 6986:UDP:League of Legends Launcher

"6984:TCP"= 6984:TCP:League of Legends Launcher

"6984:UDP"= 6984:UDP:League of Legends Launcher

"6890:TCP"= 6890:TCP:League of Legends Launcher

"6890:UDP"= 6890:UDP:League of Legends Launcher

"8397:TCP"= 8397:TCP:League of Legends Launcher

"8397:UDP"= 8397:UDP:League of Legends Launcher

"6958:TCP"= 6958:TCP:League of Legends Launcher

"6958:UDP"= 6958:UDP:League of Legends Launcher

"6956:TCP"= 6956:TCP:League of Legends Launcher

"6956:UDP"= 6956:UDP:League of Legends Launcher

"6951:TCP"= 6951:TCP:League of Legends Launcher

"6951:UDP"= 6951:UDP:League of Legends Launcher

"6942:TCP"= 6942:TCP:League of Legends Launcher

"6942:UDP"= 6942:UDP:League of Legends Launcher

"6887:TCP"= 6887:TCP:League of Legends Launcher

"6887:UDP"= 6887:UDP:League of Legends Launcher

"6915:TCP"= 6915:TCP:League of Legends Launcher

"6915:UDP"= 6915:UDP:League of Legends Launcher

"6944:TCP"= 6944:TCP:League of Legends Launcher

"6944:UDP"= 6944:UDP:League of Legends Launcher

"6955:TCP"= 6955:TCP:League of Legends Launcher

"6955:UDP"= 6955:UDP:League of Legends Launcher

"6920:TCP"= 6920:TCP:League of Legends Launcher

"6920:UDP"= 6920:UDP:League of Legends Launcher

"6948:TCP"= 6948:TCP:League of Legends Launcher

"6948:UDP"= 6948:UDP:League of Legends Launcher

"8398:TCP"= 8398:TCP:League of Legends Launcher

"8398:UDP"= 8398:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

.

R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [27.03.2012 01:37 36000]

R2 AntiVirSchedulerService;Avira Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [27.03.2012 01:37 86224]

R3 NETwLx32;    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;e:\windows\system32\drivers\NETwLx32.sys [21.02.2011 03:08 6609920]

S2 gupdate;Google Update-Dienst (gupdate);e:\programme\Google\Update\GoogleUpdate.exe [29.02.2012 17:54 136176]

S3 GPU-Z;GPU-Z;\??\e:\dokume~1\HOUSEM~1\LOKALE~1\Temp\GPU-Z.sys --> e:\dokume~1\HOUSEM~1\LOKALE~1\Temp\GPU-Z.sys [?]

S3 gupdatem;Google Update-Dienst (gupdatem);e:\programme\Google\Update\GoogleUpdate.exe [29.02.2012 17:54 136176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-23 e:\windows\Tasks\AppleSoftwareUpdate.job

- e:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2012-03-27 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- e:\programme\Google\Update\GoogleUpdate.exe [2012-02-29 15:53]

.

2012-03-27 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- e:\programme\Google\Update\GoogleUpdate.exe [2012-02-29 15:53]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyOverride = *.local

IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - e:\programme\ICQ7.4\ICQ.exe

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - e:\dokumente und einstellungen\Housemaus\Anwendungsdaten\Mozilla\Firefox\Profiles\oetlmwpw.default\

FF - prefs.js: browser.search.selectedEngine - Google

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-CmUsbSound - cmcnfgu.cpl

MSConfigStartUp-QuickTime Task - e:\programme\QuickTime\QTTask.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-03-28 00:14

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-03-28  00:16:29

ComboFix-quarantined-files.txt  2012-03-27 22:16

.

Vor Suchlauf: 8 Verzeichnis(se), 20.067.778.560 Bytes frei

Nach Suchlauf: 10 Verzeichnis(se), 20.020.404.224 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

; This boot.ini was automatically generated by NeoSmart Technologies' BootGrabber.exe

; Use EasyBCD from hxxp://neosmart.net/dl.php?id=1 to manage your bootloader

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Windows XP on E:\" /fastdetect

.

- - End Of File - - 5BD6BFBCDB1B157FB2B13E100D2D9A7F

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-03-28 17:35:37

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2200BT_PL rev.00400051

Running: mx4xxogf.exe; Driver: E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\pxtdypoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT   F7A5C4A4                                                                                           ZwClose

SSDT   F7A5C45E                                                                                           ZwCreateKey

SSDT   F7A5C4AE                                                                                           ZwCreateSection

SSDT   F7A5C454                                                                                           ZwCreateThread

SSDT   F7A5C463                                                                                           ZwDeleteKey

SSDT   F7A5C46D                                                                                           ZwDeleteValueKey

SSDT   F7A5C49F                                                                                           ZwDuplicateObject

SSDT   F7A5C472                                                                                           ZwLoadKey

SSDT   F7A5C440                                                                                           ZwOpenProcess

SSDT   F7A5C445                                                                                           ZwOpenThread

SSDT   F7A5C4C7                                                                                           ZwQueryValueKey

SSDT   F7A5C47C                                                                                           ZwReplaceKey

SSDT   F7A5C4B8                                                                                           ZwRequestWaitReplyPort

SSDT   F7A5C477                                                                                           ZwRestoreKey

SSDT   F7A5C4B3                                                                                           ZwSetContextThread

SSDT   F7A5C4BD                                                                                           ZwSetSecurityObject

SSDT   F7A5C468                                                                                           ZwSetValueKey

SSDT   F7A5C4C2                                                                                           ZwSystemDebugControl

SSDT   F7A5C44F                                                                                           ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text  E:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                           section is writeable [0xB7814360, 0x33AACD, 0xE8000020]

init   E:\WINDOWS\system32\drivers\tifm21.sys                                                             entry point in "init" section [0xB7162EBF]
 

---- User code sections - GMER 1.0.15 ----
 

.text  E:\Programme\Mozilla Firefox\firefox.exe[3840] ntdll.dll!LdrLoadDll                                7C92632D 5 Bytes  JMP 01219720 E:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text  E:\Programme\Mozilla Firefox\firefox.exe[3840] kernel32.dll!VirtualAlloc                           7C809AF1 5 Bytes  JMP 0144E21B E:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text  E:\Programme\Mozilla Firefox\firefox.exe[3840] kernel32.dll!MapViewOfFile                          7C80B9A5 5 Bytes  JMP 0144E1F4 E:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text  E:\Programme\Mozilla Firefox\firefox.exe[3840] GDI32.dll!CreateDIBSection                          77EF9E19 5 Bytes  JMP 0144E17E E:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT    E:\WINDOWS\Explorer.EXE[244] @ E:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]           [01952F20] E:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT    E:\WINDOWS\Explorer.EXE[244] @ E:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [01952C90] E:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT    E:\WINDOWS\Explorer.EXE[244] @ E:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                [01952CF0] E:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT    E:\WINDOWS\Explorer.EXE[244] @ E:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [01952CC0] E:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
 

---- Registry - GMER 1.0.15 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037ad38903                        

Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00037ad38903 (not active ControlSet)    
 

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 17:43:14 on 28.03.2012
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 11.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - E:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - E:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"HWSETUP.CPL" - "TOSHIBA Corp." - E:\WINDOWS\system32\HWSETUP.CPL

"infocardcpl.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - E:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvtuicpl.cpl

"PhysX.cpl" - "NVIDIA Corporation" - E:\WINDOWS\system32\PhysX.cpl

"ToshSrv.cpl" - ? - E:\WINDOWS\system32\ToshSrv.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Cmcplsu" - "C-Media Corporation" - E:\WINDOWS\System\cmcnfgu.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avkmgr.sys

"Bluetooth ACPI from TOSHIBA" (tosrfec) - "TOSHIBA Corporation" - E:\WINDOWS\System32\DRIVERS\tosrfec.sys

"C-Media USB Sound Interface" (cmudau) - "C-Media Inc" - E:\WINDOWS\System32\drivers\cmudau.sys

"catchme" (catchme) - ? - E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - E:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Conexant Setup API" (UIUSys) - "Conexant Systems, Inc" - E:\WINDOWS\System32\DRIVERS\UIUSYS.SYS

"GPU-Z" (GPU-Z) - ? - E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\GPU-Z.sys  (File not found)

"i2omgmt" (i2omgmt) - ? - E:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - E:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - E:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - E:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - E:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - E:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - E:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - E:\WINDOWS\System32\Drivers\PxHelp20.sys

"pxtdypoc" (pxtdypoc) - ? - E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\pxtdypoc.sys  (Hidden registry entry, rootkit activity | File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"WDICA" (WDICA) - ? - E:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - E:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - E:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - E:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - E:\WINDOWS\system32\dfshim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - E:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - E:\WINDOWS\system32\Macromed\Flash\Flash10m.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

"ICQ7.4" - "ICQ, LLC." - E:\Programme\ICQ7.4\ICQ.exe

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - E:\Dokumente und Einstellungen\Housemaus\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon" - "Apple Inc." - "E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "E:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Software Update" - "Hewlett-Packard" - E:\Programme\HP\HP Software Update\HPWuSchd2.exe

"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - E:\WINDOWS\System32\appmgmts.dll  (File not found)

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - E:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - E:\Programme\Avira\AntiVir Desktop\sched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - E:\Programme\Bonjour\mDNSResponder.exe

"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - E:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\jqs.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - E:\WINDOWS\system32\HPZinw12.dll

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - E:\WINDOWS\system32\HPZipm12.dll

"Process Monitor" (LVPrcSrv) - "Logitech Inc." - E:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - E:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-03-28 17:44:43

-----------------------------

17:44:43.750    OS Version: Windows 5.1.2600 Service Pack 3

17:44:43.750    Number of processors: 2 586 0xF06

17:44:43.750    ComputerName: MAUS  UserName: 

17:44:44.140    Initialize success

17:47:22.750    AVAST engine defs: 12032801

17:49:27.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

17:49:27.593    Disk 0 Vendor: FUJITSU_MHV2200BT_PL 00400051 Size: 190782MB BusType: 3

17:49:28.703    Disk 0 MBR read successfully

17:49:28.703    Disk 0 MBR scan

17:49:28.765    Disk 0 Windows XP default MBR code

17:49:28.812    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

17:49:28.812    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       119680 MB offset 206848

17:49:28.859    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        70999 MB offset 245311488

17:49:28.890    Disk 0 scanning sectors +390717440

17:49:29.125    Disk 0 scanning E:\WINDOWS\system32\drivers

17:50:12.546    Service scanning

17:50:31.515    Modules scanning

17:51:12.562    Disk 0 trace - called modules:

17:51:12.609    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 

17:51:12.609    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a434ab8]

17:51:12.609    3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a4383b8]

17:51:12.609    5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a47e940]

17:51:12.953    AVAST engine scan E:\WINDOWS

17:52:00.218    AVAST engine scan E:\WINDOWS\system32

18:00:15.046    AVAST engine scan E:\WINDOWS\system32\drivers

18:01:18.015    AVAST engine scan E:\Dokumente und Einstellungen\Housemaus

18:01:59.125    Disk 0 MBR has been saved successfully to "E:\Dokumente und Einstellungen\Housemaus\Desktop\MBR.dat"

18:01:59.125    The log file has been saved successfully to "E:\Dokumente und Einstellungen\Housemaus\Desktop\aswMBR.txt"