Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google links führen auf falsche Seiten (https://www.trojaner-board.de/128266-google-links-fuehren-falsche-seiten.html)

elric78 18.12.2012 10:53
Google links führen auf falsche Seiten
 
Hallo,

ich habe hier den Rechner meines Nachbarn, er hat das ähnliche / gleiche Problem, da in diesem Thread:hxxp://http://www.trojaner-board.de/127866-...n-werbung.html beschrieben wird.
Es handelt sich um ein Fujitsu Siemens Lifebook C Series, msinfo32 gibt folgendes aus:
Code:
Betriebssystemname        Microsoft Windows XP Professional
Version        5.1.2600 Service Pack 3 Build 2600
Betriebssystemhersteller        Microsoft Corporation
Systemname        BRUNO-5E8548D68
Systemhersteller        FUJITSU SIEMENS
Systemmodell        LIFEBOOK C1410
Systemtyp        X86-basierter PC
Prozessor        x86 Family 6 Model 15 Stepping 6 GenuineIntel ~1995 Mhz
BIOS-Version/-Datum        FUJITSU // Phoenix Technologies Ltd. Version 1.13, 05.10.2007
SMBIOS-Version        2.4
Windows-Verzeichnis        C:\WINDOWS
Systemverzeichnis        C:\WINDOWS\system32
Startgerät        \Device\HarddiskVolume1
Gebietsschema        Deutschland
Hardwareabstraktionsebene        Version = "5.1.2600.5512 (xpsp.080413-2111)"
Benutzername        BRUNO-5E8548D68\*********
Zeitzone        Westeuropäische Normalzeit
Gesamter realer Speicher        1.024,00 MB
Verfügbarer realer Speicher        571,11 MB
Gesamter virtueller Speicher        2,00 GB
Verfügbarer virtueller Speicher        1,96 GB
Größe der Auslagerungsdatei        2,38 GB
Auslagerungsdatei        C:\pagefile.sys

Ich habe mir OLT herruntergeladen und mit dem Inhalt der Textbox Benutzerdefiniert gescannt.
Textbox:
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
Hier das Ergebnis:
OLT.txt:
Code:
OTL logfile created on: 18.12.2012 09:59:49 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,98 Mb Total Physical Memory | 565,13 Mb Available Physical Memory | 55,73% Memory free
2,38 Gb Paging File | 2,08 Gb Available in Paging File | 87,38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,70 Gb Total Space | 14,12 Gb Free Space | 54,96% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,41 Gb Free Space | 95,05% Space Free | Partition Type: NTFS
Drive E: | 3,71 Gb Total Space | 0,54 Gb Free Space | 14,49% Space Free | Partition Type: FAT32
 
Computer Name: BRUNO-5E8548D68 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.18 08:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
PRC - [2012.09.17 12:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2009.08.31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009.08.31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009.08.31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008.07.22 21:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008.03.14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2007.10.25 14:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\Mctray.exe
PRC - [2006.11.17 14:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2006.07.05 10:57:16 | 000,118,784 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
PRC - [2006.04.07 16:36:00 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.04.07 15:37:00 | 001,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.02.06 22:00:00 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.01.27 17:17:00 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.23 20:47:00 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.12.05 15:50:00 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2005.10.12 11:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005.10.12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005.09.09 23:12:40 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2005.07.21 13:21:58 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005.07.21 13:20:46 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.04.27 22:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.09.29 08:07:00 | 000,148,816 | ---- | M] () -- C:\Programme\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2008.03.14 04:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008.02.25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
MOD - [2005.07.22 20:30:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004.10.14 09:18:00 | 000,040,960 | ---- | M] () -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
MOD - [2004.07.20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2009.08.31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2005.10.12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)
SRV - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- c:\temp\asliahmy.sys -- (asliahmy)
DRV - [2009.08.31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.08.31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.08.31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009.08.31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009.08.31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009.08.31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006.07.06 07:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.06.29 12:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.04.17 08:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.04.13 19:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.03.16 09:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 09:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2006.02.24 00:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.02.10 10:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.02.08 16:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005.10.18 20:08:50 | 000,033,280 | ---- | M] (REDC) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.21 13:20:46 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005.07.11 17:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.10.18 14:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2004.01.17 20:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.08.01 20:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=13F832B5-832C-488C-A0D3-699DC579DFE6&apn_sauid=F62B5524-BF7B-4869-8139-FB6695FDED67
IE - HKCU\..\SearchScopes\{208E5592-DDCC-4C43-8506-ED885E532611}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] c:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217401535390 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC11B496-896B-4D31-BDCE-9A8BBF1BE108}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FJWSEL: DllName - (FJWSWNP.dll) - C:\WINDOWS\System32\FJWSWNP.dll (FUJITSU LIMITED)
O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.29 07:32:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell - "" = AutoRun
O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.18 08:34:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2012.12.17 21:47:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent
[2012.12.17 21:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.12.17 20:16:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2012.12.17 20:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.12.17 20:16:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.12.17 20:16:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.12.17 20:16:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.12.17 20:15:12 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\****\Desktop\gert.exe
[2012.12.12 18:46:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.12.12 17:27:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\IECompatCache
[2012.12.12 17:25:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\PrivacIE
[2012.12.12 17:22:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\IETldCache
[2012.12.12 17:18:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012.12.12 17:16:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.12.12 10:11:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Ahead
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.18 09:58:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.12.18 09:50:10 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 09:23:33 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BABF1A8-644A-4852-9460-90FC27F03E2A}.job
[2012.12.18 09:06:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.18 09:05:02 | 000,278,161 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\gmer1015.zip
[2012.12.18 08:34:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2012.12.18 08:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2012.12.18 08:31:25 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.18 08:28:22 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2012.12.18 08:28:02 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\ebtxeqrmt.job
[2012.12.18 08:28:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.18 08:27:59 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.17 21:21:30 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.12.17 20:16:20 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.17 19:48:32 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\****\Desktop\gert.exe
[2012.12.12 18:46:56 | 000,001,775 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Google Chrome.lnk
[2012.12.12 10:09:07 | 000,002,531 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Microsoft PowerPoint.lnk
[2012.12.12 09:53:09 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.11 13:17:27 | 000,114,688 | RHS- | M] () -- C:\WINDOWS\System32\ieapfltre.dll
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.18 09:05:46 | 000,278,161 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\gmer1015.zip
[2012.12.18 08:34:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2012.12.18 08:34:09 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2012.12.17 21:21:30 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.12.17 20:16:20 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.12 18:46:56 | 000,001,775 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Google Chrome.lnk
[2012.12.12 18:45:46 | 000,001,112 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.12 18:45:45 | 000,001,108 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.12 17:27:46 | 000,000,442 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BABF1A8-644A-4852-9460-90FC27F03E2A}.job
[2012.12.11 13:17:27 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\ieapfltre.dll
[2012.12.11 13:17:27 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\ebtxeqrmt.job
[2012.02.16 11:43:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.12 08:47:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.03.01 12:24:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\capictrl.INI
[2008.07.29 07:42:54 | 000,000,150 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2008.07.29 07:42:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.29 17:08:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2011.03.04 17:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FileZilla
[2008.07.30 08:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InterVideo
[2011.01.18 14:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.07.29 07:56:18 | 000,000,000 | ---D | M] -- C:\AddOn
[2012.11.16 10:43:45 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008.07.29 07:45:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.07.29 07:53:19 | 000,000,000 | ---D | M] -- C:\fsc.tmp
[2008.07.29 07:55:57 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.12.17 20:16:09 | 000,000,000 | ---D | M] -- C:\Programme
[2008.07.30 08:32:02 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.12.12 09:45:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.18 09:23:33 | 000,000,000 | ---D | M] -- C:\temp
[2012.12.18 08:28:29 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2005.10.12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\iaStor.sys
[2005.10.12 11:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2005.04.08 10:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.07.29 09:16:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.07.29 09:16:23 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.07.29 09:16:23 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.12.11 13:17:27 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ieapfltre.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.12.18 08:34:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2012.12.17 21:52:23 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\NTUSER.DAT
[2012.12.18 10:03:04 | 000,024,576 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.dat.LOG
[2012.12.17 21:52:23 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
Zusätzlich habe ich gestern Abend mit Malewarebytes einen Scan gemacht, der leider ergebnislos war. Hier ebenfalls das zugehörige Log-File:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
******** :: BRUNO-5E8548D68 [Administrator]

17.12.2012 20:17:17
mbam-log-2012-12-17 (20-17-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 285973
Laufzeit: 1 Stunde(n), 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Nun brauche ich wohl Hilfe, da in dem oben beschriebenen Thread ein OTL Script benutzt wird, das nur für den Threadersteller ist.

Sollte ich Informationen vergessen haben, bitte einfach melden. Ich werde versuchen diese dann schleunigst nachzureichen.

Ich möchte mich im vorraus schonmal für sämtliche Hilfe bedanken.

MfG Stephan

Chris4You 18.12.2012 11:31
Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\WINDOWS\System32\ieapfltre.dll
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

TDSS-Killer
Download und Anweisung unter: http://www.trojaner-board.de/82358-t...tml#post640150
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten...

chris

elric78 18.12.2012 22:03
Hallo, danke für die Antwort. Hier die Scannergebnisse:

ieapfltr.dll
Code:
SHA256:        cea3e89e9a3ec4209a9e1cc011a5192e8f069d7cf9c4b98a745708ce48a7be4e
SHA1:        26e6b3f7bc04c5892f4789baf4a12742b6c593c8
MD5:        66f1c930f4572816bb15c3a863590305
File size:        435.5 KB ( 445952 bytes )
File name:        742428C400ACEFF6CE3206365B8A57004081F6E3.dll
File type:        Win32 DLL
Tags:        pedll signed
Detection ratio:        0 / 42
Analysis date:        2012-09-26 00:05:11 UTC ( 2 Monate, 3 Wochen ago )
die versteckte Datei ieapflte.dll lässt sich nicht scannen.

SuperAntiSpyware hat folgendes Ergebnis:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/18/2012 at 09:50 PM

Application Version : 5.6.1014

Core Rules Database Version : 9759
Trace Rules Database Version: 7571

Scan type      : Complete Scan
Total Scan Time : 00:51:04

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 521
Memory threats detected  : 0
Registry items scanned    : 37526
Registry threats detected : 0
File items scanned        : 46058
File threats detected    : 15

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\******\Cookies\4ERULT1Z.txt [ /xml.trafficno.com ]
        C:\Dokumente und Einstellungen\******\Cookies\YND5UU1L.txt [ /ad.yieldmanager.com ]
        C:\Dokumente und Einstellungen\******\Cookies\JL4HFHFZ.txt [ /media6degrees.com ]
        C:\Dokumente und Einstellungen\******\Cookies\DLHM05J2.txt [ /invitemedia.com ]
        C:\Dokumente und Einstellungen\******\Cookies\V3RA7C7H.txt [ /ad.zanox.com ]
        C:\Dokumente und Einstellungen\******\Cookies\SZEDLLKY.txt [ /ad.360yield.com ]
        C:\Dokumente und Einstellungen\******\Cookies\P4PQJH3W.txt [ /adbrite.com ]
        C:\Dokumente und Einstellungen\******\Cookies\70Z1DGUW.txt [ /casalemedia.com ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\administrator@atdmt[2].txt [ Cookie:administrator@atdmt.com/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\administrator@adfarm1.adition[1].txt [ Cookie:administrator@adfarm1.adition.com/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\administrator@doubleclick[1].txt [ Cookie:administrator@doubleclick.net/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\COOKIES\ADMINISTRATOR@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\******\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\******\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Undef
        C:\WINDOWS\SYSTEM32\IEAPFLTRE.DLL
TDSS-Killer:
Code:
21:59:06.0640 3064  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:59:06.0703 3064  ============================================================
21:59:06.0703 3064  Current date / time: 2012/12/18 21:59:06.0703
21:59:06.0703 3064  SystemInfo:
21:59:06.0703 3064 
21:59:06.0703 3064  OS Version: 5.1.2600 ServicePack: 3.0
21:59:06.0703 3064  Product type: Workstation
21:59:06.0703 3064  ComputerName: BRUNO-5E8548D68
21:59:06.0703 3064  UserName: ******
21:59:06.0703 3064  Windows directory: C:\WINDOWS
21:59:06.0703 3064  System windows directory: C:\WINDOWS
21:59:06.0703 3064  Processor architecture: Intel x86
21:59:06.0703 3064  Number of processors: 2
21:59:06.0703 3064  Page size: 0x1000
21:59:06.0703 3064  Boot type: Normal boot
21:59:06.0703 3064  ============================================================
21:59:07.0125 3064  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:59:07.0125 3064  ============================================================
21:59:07.0125 3064  \Device\Harddisk0\DR0:
21:59:07.0125 3064  MBR partitions:
21:59:07.0125 3064  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3366B1C
21:59:07.0125 3064  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3366B5B, BlocksNum 0x61A7966
21:59:07.0125 3064  ============================================================
21:59:07.0140 3064  C: <-> \Device\Harddisk0\DR0\Partition1
21:59:07.0171 3064  D: <-> \Device\Harddisk0\DR0\Partition2
21:59:07.0171 3064  ============================================================
21:59:07.0171 3064  Initialize success
21:59:07.0171 3064  ============================================================
21:59:11.0828 1036  ============================================================
21:59:11.0828 1036  Scan started
21:59:11.0828 1036  Mode: Manual;
21:59:11.0828 1036  ============================================================
21:59:13.0375 1036  ================ Scan system memory ========================
21:59:13.0375 1036  Scan interrupted by user!
21:59:13.0375 1036  ================ Scan services =============================
21:59:13.0375 1036  Scan interrupted by user!
21:59:13.0375 1036  ================ Scan global ===============================
21:59:13.0375 1036  Scan interrupted by user!
21:59:13.0375 1036  ================ Scan MBR ==================================
21:59:13.0375 1036  Scan interrupted by user!
21:59:13.0375 1036  ================ Scan VBR ==================================
21:59:13.0375 1036  Scan interrupted by user!
21:59:13.0375 1036  ============================================================
21:59:13.0375 1036  Scan finished
21:59:13.0375 1036  ============================================================
21:59:13.0390 1112  Detected object count: 0
21:59:13.0390 1112  Actual detected object count: 0
21:59:35.0265 3720  ============================================================
21:59:35.0265 3720  Scan started
21:59:35.0265 3720  Mode: Manual; SigCheck; TDLFS;
21:59:35.0265 3720  ============================================================
21:59:35.0437 3720  ================ Scan services =============================
21:59:35.0515 3720  Abiosdsk - ok
21:59:35.0515 3720  abp480n5 - ok
21:59:35.0562 3720  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:59:36.0000 3720  ACPI - ok
21:59:36.0015 3720  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:59:36.0203 3720  ACPIEC - ok
21:59:36.0203 3720  adpu160m - ok
21:59:36.0218 3720  [ 8BED39E3C35D6A489438B8141717A557 ] aec            C:\WINDOWS\system32\drivers\aec.sys
21:59:36.0312 3720  aec - ok
21:59:36.0343 3720  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
21:59:36.0375 3720  AFD - ok
21:59:36.0437 3720  [ 90456051C422E09BC36E6340DD891F0C ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:59:36.0546 3720  AgereSoftModem - ok
21:59:36.0546 3720  Aha154x - ok
21:59:36.0546 3720  aic78u2 - ok
21:59:36.0546 3720  aic78xx - ok
21:59:36.0609 3720  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
21:59:36.0703 3720  Alerter - ok
21:59:36.0734 3720  [ 190CD73D4984F94D823F9444980513E5 ] ALG            C:\WINDOWS\System32\alg.exe
21:59:36.0843 3720  ALG - ok
21:59:36.0843 3720  AliIde - ok
21:59:36.0843 3720  amsint - ok
21:59:36.0875 3720  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
21:59:37.0000 3720  AppMgmt - ok
21:59:37.0031 3720  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:59:37.0125 3720  Arp1394 - ok
21:59:37.0140 3720  asc - ok
21:59:37.0140 3720  asc3350p - ok
21:59:37.0140 3720  asc3550 - ok
21:59:37.0203 3720  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
21:59:37.0203 3720  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
21:59:37.0203 3720  aspnet_state - detected UnsignedFile.Multi.Generic (1)
21:59:37.0218 3720  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:59:37.0328 3720  AsyncMac - ok
21:59:37.0343 3720  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
21:59:37.0421 3720  atapi - ok
21:59:37.0437 3720  Atdisk - ok
21:59:37.0468 3720  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:59:37.0562 3720  Atmarpc - ok
21:59:37.0609 3720  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:59:37.0734 3720  AudioSrv - ok
21:59:37.0765 3720  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
21:59:37.0890 3720  audstub - ok
21:59:37.0921 3720  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:59:38.0062 3720  Beep - ok
21:59:38.0093 3720  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:59:38.0265 3720  BITS - ok
21:59:38.0296 3720  [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
21:59:38.0328 3720  Brother XP spl Service - ok
21:59:38.0390 3720  [ B71549F23736ADF83A571061C47777FD ] Browser        C:\WINDOWS\System32\browser.dll
21:59:38.0500 3720  Browser - ok
21:59:38.0546 3720  [ C84E0365E1B1D1F96EBDF3B403DE5FEB ] BtnHnd          C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys
21:59:38.0562 3720  BtnHnd ( UnsignedFile.Multi.Generic ) - warning
21:59:38.0562 3720  BtnHnd - detected UnsignedFile.Multi.Generic (1)
21:59:38.0578 3720  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
21:59:38.0718 3720  cbidf2k - ok
21:59:38.0718 3720  cd20xrnt - ok
21:59:38.0734 3720  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
21:59:38.0859 3720  Cdaudio - ok
21:59:38.0906 3720  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:59:38.0984 3720  Cdfs - ok
21:59:39.0000 3720  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:59:39.0078 3720  Cdrom - ok
21:59:39.0078 3720  Changer - ok
21:59:39.0109 3720  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc          C:\WINDOWS\system32\cisvc.exe
21:59:39.0218 3720  CiSvc - ok
21:59:39.0234 3720  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
21:59:39.0343 3720  ClipSrv - ok
21:59:39.0359 3720  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:59:39.0453 3720  CmBatt - ok
21:59:39.0453 3720  CmdIde - ok
21:59:39.0484 3720  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:59:39.0593 3720  Compbatt - ok
21:59:39.0593 3720  COMSysApp - ok
21:59:39.0593 3720  Cpqarray - ok
21:59:39.0640 3720  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:59:39.0734 3720  CryptSvc - ok
21:59:39.0734 3720  dac2w2k - ok
21:59:39.0734 3720  dac960nt - ok
21:59:39.0781 3720  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:59:39.0828 3720  DcomLaunch - ok
21:59:39.0875 3720  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:59:39.0968 3720  Dhcp - ok
21:59:39.0984 3720  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:59:40.0078 3720  Disk - ok
21:59:40.0078 3720  dmadmin - ok
21:59:40.0125 3720  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:59:40.0234 3720  dmboot - ok
21:59:40.0250 3720  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:59:40.0343 3720  dmio - ok
21:59:40.0375 3720  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:59:40.0453 3720  dmload - ok
21:59:40.0484 3720  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:59:40.0578 3720  dmserver - ok
21:59:40.0609 3720  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:59:40.0703 3720  DMusic - ok
21:59:40.0718 3720  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:59:40.0765 3720  Dnscache - ok
21:59:40.0796 3720  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
21:59:40.0890 3720  Dot3svc - ok
21:59:40.0906 3720  dpti2o - ok
21:59:40.0921 3720  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
21:59:41.0015 3720  drmkaud - ok
21:59:41.0031 3720  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost        C:\WINDOWS\System32\eapsvc.dll
21:59:41.0125 3720  EapHost - ok
21:59:41.0156 3720  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc          C:\WINDOWS\System32\ersvc.dll
21:59:41.0234 3720  ERSvc - ok
21:59:41.0265 3720  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
21:59:41.0296 3720  Eventlog - ok
21:59:41.0343 3720  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem    C:\WINDOWS\system32\es.dll
21:59:41.0375 3720  EventSystem - ok
21:59:41.0406 3720  [ 38D332A6D56AF32635675F132548343E ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
21:59:41.0500 3720  Fastfat - ok
21:59:41.0531 3720  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:59:41.0578 3720  FastUserSwitchingCompatibility - ok
21:59:41.0593 3720  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc            C:\WINDOWS\system32\drivers\Fdc.sys
21:59:41.0671 3720  Fdc - ok
21:59:41.0703 3720  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:59:41.0812 3720  Fips - ok
21:59:41.0812 3720  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
21:59:41.0906 3720  Flpydisk - ok
21:59:41.0953 3720  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:59:42.0046 3720  FltMgr - ok
21:59:42.0062 3720  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:59:42.0156 3720  Fs_Rec - ok
21:59:42.0171 3720  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:59:42.0281 3720  Ftdisk - ok
21:59:42.0296 3720  [ 00845DCD64FE6348DDF7890C310C17B9 ] FUJ02B1        C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
21:59:42.0328 3720  FUJ02B1 - ok
21:59:42.0343 3720  [ C4942669FDE5ABD7BBE70027C9DE1247 ] FUJ02E1        C:\WINDOWS\system32\Drivers\FUJ02E1.sys
21:59:42.0375 3720  FUJ02E1 - ok
21:59:42.0406 3720  [ EF9F310F86FD504AFCDCEDF8280091FB ] FUJ02E3        C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys
21:59:42.0421 3720  FUJ02E3 - ok
21:59:42.0468 3720  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:59:42.0546 3720  Gpc - ok
21:59:42.0609 3720  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Programme\Google\Update\GoogleUpdate.exe
21:59:42.0625 3720  gupdate - ok
21:59:42.0640 3720  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
21:59:42.0640 3720  gupdatem - ok
21:59:42.0671 3720  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:59:42.0765 3720  HDAudBus - ok
21:59:42.0828 3720  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:59:42.0906 3720  helpsvc - ok
21:59:42.0921 3720  HidServ - ok
21:59:42.0953 3720  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:59:43.0031 3720  hkmsvc - ok
21:59:43.0031 3720  hpn - ok
21:59:43.0062 3720  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:59:43.0109 3720  HTTP - ok
21:59:43.0125 3720  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:59:43.0218 3720  HTTPFilter - ok
21:59:43.0218 3720  hwdatacard - ok
21:59:43.0218 3720  i2omgmt - ok
21:59:43.0218 3720  i2omp - ok
21:59:43.0265 3720  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:59:43.0359 3720  i8042prt - ok
21:59:43.0421 3720  [ 0B66A9A2137213075F753579E7D573A5 ] IAANTMon        C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
21:59:43.0437 3720  IAANTMon ( UnsignedFile.Multi.Generic ) - warning
21:59:43.0437 3720  IAANTMon - detected UnsignedFile.Multi.Generic (1)
21:59:43.0500 3720  [ 6FCB904910DA07C9DC2593D66438FA29 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:59:43.0609 3720  ialm - ok
21:59:43.0640 3720  [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:59:43.0718 3720  iaStor - ok
21:59:43.0765 3720  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
21:59:43.0859 3720  Imapi - ok
21:59:43.0875 3720  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:59:43.0968 3720  ImapiService - ok
21:59:43.0968 3720  ini910u - ok
21:59:44.0125 3720  [ 71AE838A88B07268D732F596FC17CED5 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:59:44.0406 3720  IntcAzAudAddService - ok
21:59:44.0421 3720  IntelIde - ok
21:59:44.0484 3720  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:59:44.0578 3720  intelppm - ok
21:59:44.0609 3720  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw          C:\WINDOWS\system32\drivers\ip6fw.sys
21:59:44.0687 3720  Ip6Fw - ok
21:59:44.0718 3720  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:59:44.0812 3720  IpFilterDriver - ok
21:59:44.0843 3720  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:59:44.0937 3720  IpInIp - ok
21:59:44.0953 3720  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:59:45.0062 3720  IpNat - ok
21:59:45.0093 3720  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:59:45.0187 3720  IPSec - ok
21:59:45.0203 3720  [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
21:59:45.0296 3720  irda - ok
21:59:45.0312 3720  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:59:45.0406 3720  IRENUM - ok
21:59:45.0437 3720  [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon          C:\WINDOWS\System32\irmon.dll
21:59:45.0546 3720  Irmon - ok
21:59:45.0546 3720  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:59:45.0640 3720  isapnp - ok
21:59:45.0781 3720  [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
21:59:45.0796 3720  JavaQuickStarterService - ok
21:59:45.0812 3720  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:59:45.0906 3720  Kbdclass - ok
21:59:45.0937 3720  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:59:46.0015 3720  kmixer - ok
21:59:46.0062 3720  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:59:46.0078 3720  KSecDD - ok
21:59:46.0109 3720  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
21:59:46.0140 3720  lanmanserver - ok
21:59:46.0171 3720  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:59:46.0203 3720  lanmanworkstation - ok
21:59:46.0203 3720  lbrtfdc - ok
21:59:46.0250 3720  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
21:59:46.0390 3720  LmHosts - ok
21:59:46.0546 3720  [ 4C24C5DE1BFDDDEADCA326BE4F0AA93A ] McAfeeEngineService C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe
21:59:46.0593 3720  McAfeeEngineService - ok
21:59:46.0781 3720  [ 4CD3EE64736B4D156DAC5C1D6EB60C24 ] McAfeeFramework C:\Programme\McAfee\Common Framework\FrameworkService.exe
21:59:46.0828 3720  McAfeeFramework - ok
21:59:46.0906 3720  [ 3B26EC4190C52DEA7489302DA526B0C7 ] McShield        C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
21:59:47.0015 3720  McShield - ok
21:59:47.0046 3720  [ EA6278098DA1F905AAEC3DD614357F6E ] McTaskManager  C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
21:59:47.0062 3720  McTaskManager - ok
21:59:47.0125 3720  [ 11F714F85530A2BD134074DC30E99FCA ] MDM            C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
21:59:47.0156 3720  MDM - ok
21:59:47.0187 3720  [ B7550A7107281D170CE85524B1488C98 ] Messenger      C:\WINDOWS\System32\msgsvc.dll
21:59:47.0359 3720  Messenger - ok
21:59:47.0453 3720  [ 4D81C0E4ED846E9A70B881891A5598AB ] mfeapfk        C:\WINDOWS\system32\drivers\mfeapfk.sys
21:59:47.0468 3720  mfeapfk - ok
21:59:47.0484 3720  [ FF75F47EC2A9EA3E780A9D08DABA1276 ] mfeavfk        C:\WINDOWS\system32\drivers\mfeavfk.sys
21:59:47.0500 3720  mfeavfk - ok
21:59:47.0515 3720  [ 5A3B000FDCCF826FFB74E76B0474C856 ] mfebopk        C:\WINDOWS\system32\drivers\mfebopk.sys
21:59:47.0546 3720  mfebopk - ok
21:59:47.0562 3720  [ 8E6B4E55D3A33B92693F7081EC018C39 ] mfehidk        C:\WINDOWS\system32\drivers\mfehidk.sys
21:59:47.0593 3720  mfehidk - ok
21:59:47.0625 3720  [ FA097D72A439C3A387FE38A654DF44C5 ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
21:59:47.0656 3720  mferkdet - ok
21:59:47.0656 3720  mferkdk - ok
21:59:47.0671 3720  [ A45D0C099A478DE5CBD0D6E8466BECD5 ] mfetdik        C:\WINDOWS\system32\drivers\mfetdik.sys
21:59:47.0687 3720  mfetdik - ok
21:59:47.0734 3720  [ A64018CFFCB51F0D926F63ABEA14E8EE ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
21:59:47.0750 3720  mfevtp - ok
21:59:47.0781 3720  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
21:59:47.0953 3720  mnmdd - ok
21:59:47.0984 3720  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
21:59:48.0062 3720  mnmsrvc - ok
21:59:48.0109 3720  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
21:59:48.0203 3720  Modem - ok
21:59:48.0203 3720  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:59:48.0312 3720  Mouclass - ok
21:59:48.0343 3720  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:59:48.0437 3720  mouhid - ok
21:59:48.0468 3720  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:59:48.0546 3720  MountMgr - ok
21:59:48.0546 3720  mraid35x - ok
21:59:48.0562 3720  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:59:48.0656 3720  MRxDAV - ok
21:59:48.0687 3720  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:59:48.0734 3720  MRxSmb - ok
21:59:48.0781 3720  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
21:59:48.0890 3720  MSDTC - ok
21:59:48.0890 3720  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:59:48.0984 3720  Msfs - ok
21:59:48.0984 3720  MSIServer - ok
21:59:49.0015 3720  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:59:49.0109 3720  MSKSSRV - ok
21:59:49.0125 3720  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:59:49.0203 3720  MSPCLOCK - ok
21:59:49.0218 3720  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
21:59:49.0312 3720  MSPQM - ok
21:59:49.0343 3720  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:59:49.0421 3720  mssmbios - ok
21:59:49.0453 3720  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
21:59:49.0500 3720  Mup - ok
21:59:49.0531 3720  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:59:49.0640 3720  napagent - ok
21:59:49.0671 3720  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:59:49.0781 3720  NDIS - ok
21:59:49.0812 3720  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:59:49.0843 3720  NdisTapi - ok
21:59:49.0859 3720  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:59:49.0953 3720  Ndisuio - ok
21:59:49.0953 3720  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:59:50.0093 3720  NdisWan - ok
21:59:50.0125 3720  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
21:59:50.0156 3720  NDProxy - ok
21:59:50.0187 3720  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
21:59:50.0312 3720  NetBIOS - ok
21:59:50.0343 3720  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
21:59:50.0468 3720  NetBT - ok
21:59:50.0500 3720  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:59:50.0625 3720  NetDDE - ok
21:59:50.0640 3720  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:59:50.0765 3720  NetDDEdsdm - ok
21:59:50.0781 3720  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:59:50.0921 3720  Netlogon - ok
21:59:50.0953 3720  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
21:59:51.0078 3720  Netman - ok
21:59:51.0156 3720  [ E2F396F71A793A04839DBB6AF304A026 ] NETw3x32        C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
21:59:51.0312 3720  NETw3x32 - ok
21:59:51.0343 3720  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:59:51.0437 3720  NIC1394 - ok
21:59:51.0468 3720  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla            C:\WINDOWS\System32\mswsock.dll
21:59:51.0500 3720  Nla - ok
21:59:51.0531 3720  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:59:51.0609 3720  Npfs - ok
21:59:51.0625 3720  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:59:51.0828 3720  Ntfs - ok
21:59:51.0843 3720  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
21:59:51.0921 3720  NtLmSsp - ok
21:59:51.0968 3720  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
21:59:52.0062 3720  NtmsSvc - ok
21:59:52.0078 3720  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:59:52.0171 3720  Null - ok
21:59:52.0187 3720  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:59:52.0281 3720  NwlnkFlt - ok
21:59:52.0281 3720  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:59:52.0390 3720  NwlnkFwd - ok
21:59:52.0437 3720  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:59:52.0531 3720  ohci1394 - ok
21:59:52.0546 3720  [ F84785660305B9B903FB3BCA8BA29837 ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
21:59:52.0625 3720  Parport - ok
21:59:52.0656 3720  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
21:59:52.0734 3720  PartMgr - ok
21:59:52.0765 3720  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:59:52.0859 3720  ParVdm - ok
21:59:52.0890 3720  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
21:59:52.0984 3720  PCI - ok
21:59:53.0000 3720  PCIDump - ok
21:59:53.0015 3720  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:59:53.0109 3720  PCIIde - ok
21:59:53.0125 3720  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:59:53.0218 3720  Pcmcia - ok
21:59:53.0218 3720  PDCOMP - ok
21:59:53.0218 3720  PDFRAME - ok
21:59:53.0218 3720  PDRELI - ok
21:59:53.0234 3720  PDRFRAME - ok
21:59:53.0234 3720  perc2 - ok
21:59:53.0234 3720  perc2hib - ok
21:59:53.0265 3720  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
21:59:53.0265 3720  PlugPlay - ok
21:59:53.0281 3720  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
21:59:53.0359 3720  PolicyAgent - ok
21:59:53.0390 3720  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:59:53.0484 3720  PptpMiniport - ok
21:59:53.0500 3720  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:59:53.0578 3720  ProtectedStorage - ok
21:59:53.0609 3720  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:59:53.0703 3720  PSched - ok
21:59:53.0718 3720  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:59:53.0828 3720  Ptilink - ok
21:59:53.0828 3720  ql1080 - ok
21:59:53.0828 3720  Ql10wnt - ok
21:59:53.0828 3720  ql12160 - ok
21:59:53.0828 3720  ql1240 - ok
21:59:53.0843 3720  ql1280 - ok
21:59:53.0859 3720  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:59:53.0968 3720  RasAcd - ok
21:59:54.0000 3720  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
21:59:54.0109 3720  RasAuto - ok
21:59:54.0140 3720  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda        C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:59:54.0203 3720  Rasirda - ok
21:59:54.0218 3720  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:59:54.0328 3720  Rasl2tp - ok
21:59:54.0375 3720  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:59:54.0484 3720  RasMan - ok
21:59:54.0500 3720  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:59:54.0625 3720  RasPppoe - ok
21:59:54.0640 3720  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:59:54.0734 3720  Raspti - ok
21:59:54.0765 3720  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:59:54.0875 3720  Rdbss - ok
21:59:54.0890 3720  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:59:55.0000 3720  RDPCDD - ok
21:59:55.0031 3720  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:59:55.0125 3720  rdpdr - ok
21:59:55.0156 3720  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
21:59:55.0203 3720  RDPWD - ok
21:59:55.0234 3720  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
21:59:55.0343 3720  RDSessMgr - ok
21:59:55.0375 3720  [ ED761D453856F795A7FE056E42C36365 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
21:59:55.0484 3720  redbook - ok
21:59:55.0515 3720  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:59:55.0609 3720  RemoteAccess - ok
21:59:55.0640 3720  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:59:55.0734 3720  RemoteRegistry - ok
21:59:55.0765 3720  [ 881EAC7D2000E19F109298BAECCE2499 ] risdptsk        C:\WINDOWS\system32\DRIVERS\risdptsk.sys
21:59:55.0796 3720  risdptsk - ok
21:59:55.0843 3720  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:59:55.0921 3720  RpcLocator - ok
21:59:55.0968 3720  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs          C:\WINDOWS\system32\rpcss.dll
21:59:55.0984 3720  RpcSs - ok
21:59:56.0062 3720  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:59:56.0156 3720  RSVP - ok
21:59:56.0171 3720  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs          C:\WINDOWS\system32\lsass.exe
21:59:56.0250 3720  SamSs - ok
21:59:56.0281 3720  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:59:56.0421 3720  SCardSvr - ok
21:59:56.0468 3720  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:59:56.0593 3720  Schedule - ok
21:59:56.0625 3720  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus          C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:59:56.0765 3720  sdbus - ok
21:59:56.0781 3720  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:59:56.0906 3720  Secdrv - ok
21:59:56.0937 3720  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:59:57.0062 3720  seclogon - ok
21:59:57.0093 3720  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
21:59:57.0218 3720  SENS - ok
21:59:57.0234 3720  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
21:59:57.0343 3720  serenum - ok
21:59:57.0359 3720  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:59:57.0437 3720  Serial - ok
21:59:57.0468 3720  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy        C:\WINDOWS\system32\DRIVERS\sfloppy.sys
21:59:57.0562 3720  Sfloppy - ok
21:59:57.0593 3720  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:59:57.0703 3720  SharedAccess - ok
21:59:57.0718 3720  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:59:57.0734 3720  ShellHWDetection - ok
21:59:57.0734 3720  Simbad - ok
21:59:57.0765 3720  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA        C:\WINDOWS\system32\DRIVERS\smcirda.sys
21:59:57.0812 3720  SMCIRDA - ok
21:59:57.0828 3720  Sparrow - ok
21:59:57.0843 3720  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:59:57.0937 3720  splitter - ok
21:59:57.0968 3720  [ 60784F891563FB1B767F70117FC2428F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
21:59:58.0015 3720  Spooler - ok
21:59:58.0031 3720  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:59:58.0125 3720  sr - ok
21:59:58.0156 3720  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice      C:\WINDOWS\system32\srsvc.dll
21:59:58.0281 3720  srservice - ok
21:59:58.0296 3720  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
21:59:58.0343 3720  Srv - ok
21:59:58.0359 3720  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
21:59:58.0484 3720  SSDPSRV - ok
21:59:58.0515 3720  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:59:58.0640 3720  stisvc - ok
21:59:58.0687 3720  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:59:58.0781 3720  swenum - ok
21:59:58.0812 3720  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:59:58.0921 3720  swmidi - ok
21:59:58.0921 3720  SwPrv - ok
21:59:58.0937 3720  symc810 - ok
21:59:58.0937 3720  symc8xx - ok
21:59:58.0937 3720  sym_hi - ok
21:59:58.0953 3720  sym_u3 - ok
21:59:58.0984 3720  [ F8393BDFB6726A0F97DD23AA54F3087D ] SynTP          C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:59:59.0031 3720  SynTP - ok
21:59:59.0046 3720  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:59:59.0171 3720  sysaudio - ok
21:59:59.0218 3720  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
21:59:59.0359 3720  SysmonLog - ok
21:59:59.0390 3720  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
21:59:59.0531 3720  TapiSrv - ok
21:59:59.0562 3720  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:59:59.0625 3720  Tcpip - ok
21:59:59.0656 3720  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:59:59.0828 3720  TDPIPE - ok
21:59:59.0843 3720  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
21:59:59.0937 3720  TDTCP - ok
21:59:59.0953 3720  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:00:00.0046 3720  TermDD - ok
22:00:00.0078 3720  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService    C:\WINDOWS\System32\termsrv.dll
22:00:00.0187 3720  TermService - ok
22:00:00.0203 3720  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:00:00.0218 3720  Themes - ok
22:00:00.0250 3720  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
22:00:00.0343 3720  TlntSvr - ok
22:00:00.0359 3720  [ E362D54FD394999C4178936396664E57 ] toshidpt        C:\WINDOWS\system32\drivers\Toshidpt.sys
22:00:00.0375 3720  toshidpt ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0375 3720  toshidpt - detected UnsignedFile.Multi.Generic (1)
22:00:00.0375 3720  TosIde - ok
22:00:00.0390 3720  [ B2842672056CA33F0A4AAB3E5CBBF181 ] tosporte        C:\WINDOWS\system32\DRIVERS\tosporte.sys
22:00:00.0406 3720  tosporte ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0406 3720  tosporte - detected UnsignedFile.Multi.Generic (1)
22:00:00.0421 3720  [ 926CA0B7FD2FA62D82C33B3117936070 ] Tosrfbd        C:\WINDOWS\system32\Drivers\tosrfbd.sys
22:00:00.0437 3720  Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0437 3720  Tosrfbd - detected UnsignedFile.Multi.Generic (1)
22:00:00.0453 3720  [ 1AE2BA74B2A4F5A358B13FCD35258C30 ] Tosrfbnp        C:\WINDOWS\system32\Drivers\tosrfbnp.sys
22:00:00.0453 3720  Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0453 3720  Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
22:00:00.0468 3720  [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom        C:\WINDOWS\system32\Drivers\tosrfcom.sys
22:00:00.0468 3720  Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0468 3720  Tosrfcom - detected UnsignedFile.Multi.Generic (1)
22:00:00.0468 3720  [ 5DBF390AAB62DD0D4D43A9278614E001 ] Tosrfhid        C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
22:00:00.0468 3720  Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0468 3720  Tosrfhid - detected UnsignedFile.Multi.Generic (1)
22:00:00.0484 3720  [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds        C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
22:00:00.0500 3720  tosrfnds ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0500 3720  tosrfnds - detected UnsignedFile.Multi.Generic (1)
22:00:00.0531 3720  [ AB6FD13D7EFA2634FA6BDF84C7EF0696 ] TosRfSnd        C:\WINDOWS\system32\drivers\TosRfSnd.sys
22:00:00.0546 3720  TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0546 3720  TosRfSnd - detected UnsignedFile.Multi.Generic (1)
22:00:00.0562 3720  [ D870FD6CE9060B73289F47E88630EE0E ] Tosrfusb        C:\WINDOWS\system32\Drivers\tosrfusb.sys
22:00:00.0578 3720  Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0578 3720  Tosrfusb - detected UnsignedFile.Multi.Generic (1)
22:00:00.0609 3720  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:00:00.0718 3720  TrkWks - ok
22:00:00.0734 3720  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:00:00.0828 3720  Udfs - ok
22:00:00.0828 3720  ultra - ok
22:00:00.0875 3720  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:00:01.0015 3720  Update - ok
22:00:01.0046 3720  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:00:01.0156 3720  upnphost - ok
22:00:01.0187 3720  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS            C:\WINDOWS\System32\ups.exe
22:00:01.0296 3720  UPS - ok
22:00:01.0328 3720  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:00:01.0421 3720  usbccgp - ok
22:00:01.0453 3720  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:00:01.0546 3720  usbehci - ok
22:00:01.0578 3720  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:00:01.0656 3720  usbhub - ok
22:00:01.0687 3720  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:00:01.0781 3720  USBSTOR - ok
22:00:01.0812 3720  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:00:01.0906 3720  usbuhci - ok
22:00:01.0937 3720  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
22:00:02.0015 3720  VgaSave - ok
22:00:02.0031 3720  ViaIde - ok
22:00:02.0046 3720  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
22:00:02.0140 3720  VolSnap - ok
22:00:02.0171 3720  [ 68F106273BE29E7B7EF8266977268E78 ] VSS            C:\WINDOWS\System32\vssvc.exe
22:00:02.0296 3720  VSS - ok
22:00:02.0312 3720  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time        C:\WINDOWS\system32\w32time.dll
22:00:02.0406 3720  W32Time - ok
22:00:02.0421 3720  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:00:02.0531 3720  Wanarp - ok
22:00:02.0531 3720  WDICA - ok
22:00:02.0546 3720  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:00:02.0640 3720  wdmaud - ok
22:00:02.0671 3720  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient      C:\WINDOWS\System32\webclnt.dll
22:00:02.0765 3720  WebClient - ok
22:00:02.0828 3720  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
22:00:02.0921 3720  winmgmt - ok
22:00:02.0953 3720  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
22:00:02.0984 3720  WmdmPmSN - ok
22:00:03.0015 3720  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi            C:\WINDOWS\System32\advapi32.dll
22:00:03.0062 3720  Wmi - ok
22:00:03.0093 3720  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:00:03.0265 3720  WmiApSrv - ok
22:00:03.0359 3720  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc  C:\Programme\Windows Media Player\WMPNetwk.exe
22:00:03.0484 3720  WMPNetworkSvc - ok
22:00:03.0515 3720  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
22:00:03.0625 3720  wscsvc - ok
22:00:03.0625 3720  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
22:00:03.0718 3720  wuauserv - ok
22:00:03.0750 3720  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:00:03.0796 3720  WudfPf - ok
22:00:03.0828 3720  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:00:03.0843 3720  WudfRd - ok
22:00:03.0859 3720  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc        C:\WINDOWS\System32\WUDFSvc.dll
22:00:03.0906 3720  WudfSvc - ok
22:00:03.0953 3720  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
22:00:04.0109 3720  WZCSVC - ok
22:00:04.0140 3720  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
22:00:04.0218 3720  xmlprov - ok
22:00:04.0250 3720  [ 05D48E56EA2612D39A4E7F0ECC17B917 ] yukonwxp        C:\WINDOWS\system32\DRIVERS\yk51x86.sys
22:00:04.0296 3720  yukonwxp - ok
22:00:04.0312 3720  ================ Scan global ===============================
22:00:04.0343 3720  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
22:00:04.0375 3720  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:00:04.0375 3720  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:00:04.0390 3720  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
22:00:04.0406 3720  [Global] - ok
22:00:04.0406 3720  ================ Scan MBR ==================================
22:00:04.0406 3720  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
22:00:04.0703 3720  \Device\Harddisk0\DR0 - ok
22:00:04.0703 3720  ================ Scan VBR ==================================
22:00:04.0703 3720  [ CF209E8CB9A7DA0000CF044EFD9A4452 ] \Device\Harddisk0\DR0\Partition1
22:00:04.0703 3720  \Device\Harddisk0\DR0\Partition1 - ok
22:00:04.0734 3720  [ 8A54120711D44F92A7489803D73E69CE ] \Device\Harddisk0\DR0\Partition2
22:00:04.0734 3720  \Device\Harddisk0\DR0\Partition2 - ok
22:00:04.0734 3720  ============================================================
22:00:04.0734 3720  Scan finished
22:00:04.0734 3720  ============================================================
22:00:04.0843 2968  Detected object count: 12
22:00:04.0843 2968  Actual detected object count: 12
22:00:36.0828 2968  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0828 2968  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0828 2968  BtnHnd ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0828 2968  BtnHnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0828 2968  IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0828 2968  IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968  Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968  Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
Danke nochmal für die Hilfe Chris

Chris4You 19.12.2012 11:08
Hallo,

das ist schon das richtige Teil was wir erwischt haben (die Filesize stimmt nicht, die originale hat um die 400kb)...
Das Teil verhindert den upload/scannen.
Superantispyware hat es erkannt, ist die Frage ob es erfolgreich eliminiert
werden konnte, daher folgendes OTL-Script abfahren, Log posten und bitte
ein neues LOG erstellen und posten...

OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:
:OTL
[2012.12.11 13:17:27 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\ieapfltre.dll

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris

elric78 19.12.2012 16:59
Hallo Chris, danke für deine Hilfe.
Hier wie gefordert das Logfile nach dem Fix:
Code:
All processes killed
========== OTL ==========
C:\WINDOWS\system32\ieapfltre.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 31591431 bytes
->Temporary Internet Files folder emptied: 13465418 bytes
->Flash cache emptied: 405 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ****
->Temp folder emptied: 6902664 bytes
->Temporary Internet Files folder emptied: 20811115 bytes
->Java cache emptied: 46959637 bytes
->Google Chrome cache emptied: 10426233 bytes
->Flash cache emptied: 419 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
%systemdrive% .tmp files removed: 242340881 bytes
%systemroot% .tmp files removed: 2503692 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 135157391 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 487,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 12192012_164554

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Und hier das Log nach dem Neustart:
Code:
OTL logfile created on: 19.12.2012 16:49:43 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\******\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,98 Mb Total Physical Memory | 511,75 Mb Available Physical Memory | 50,47% Memory free
2,38 Gb Paging File | 2,02 Gb Available in Paging File | 84,77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,70 Gb Total Space | 14,29 Gb Free Space | 55,61% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,41 Gb Free Space | 95,05% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-5E8548D68 | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.18 08:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\******\Desktop\OTL.exe
PRC - [2012.09.17 12:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2009.08.31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009.08.31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009.08.31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008.07.22 21:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008.03.14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2007.10.25 14:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\Mctray.exe
PRC - [2006.11.17 14:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2006.07.05 10:57:16 | 000,118,784 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
PRC - [2006.04.07 16:36:00 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.04.07 15:37:00 | 001,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.02.06 22:00:00 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.01.27 17:17:00 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.23 20:47:00 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.12.05 15:50:00 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2005.10.12 11:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005.10.12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005.09.09 23:12:40 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2005.07.21 13:21:58 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005.07.21 13:20:46 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.04.27 22:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.03.14 04:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008.02.25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
MOD - [2005.07.22 20:30:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004.10.14 09:18:00 | 000,040,960 | ---- | M] () -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
MOD - [2004.07.20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2009.08.31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2005.10.12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)
SRV - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2009.08.31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.08.31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.08.31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009.08.31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009.08.31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009.08.31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006.07.06 07:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.06.29 12:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.04.17 08:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.04.13 19:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.03.16 09:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 09:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2006.02.24 00:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.02.10 10:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.02.08 16:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005.10.18 20:08:50 | 000,033,280 | ---- | M] (REDC) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.21 13:20:46 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005.07.11 17:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.10.18 14:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2004.01.17 20:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.08.01 20:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=13F832B5-832C-488C-A0D3-699DC579DFE6&apn_sauid=F62B5524-BF7B-4869-8139-FB6695FDED67
IE - HKCU\..\SearchScopes\{208E5592-DDCC-4C43-8506-ED885E532611}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] c:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217401535390 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC11B496-896B-4D31-BDCE-9A8BBF1BE108}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FJWSEL: DllName - (FJWSWNP.dll) - C:\WINDOWS\System32\FJWSWNP.dll (FUJITSU LIMITED)
O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.29 07:32:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell - "" = AutoRun
O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.19 16:45:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.18 21:58:31 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2012.12.18 20:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\******\Eigene Dateien\Downloads
[2012.12.18 08:34:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\******\Desktop\OTL.exe
[2012.12.17 21:47:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\******\Recent
[2012.12.17 21:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.12.17 20:16:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Malwarebytes
[2012.12.17 20:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.12.17 20:16:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.12.17 20:16:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.12.17 20:16:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.12.17 20:15:12 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\******\Desktop\gert.exe
[2012.12.12 18:46:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.12.12 18:45:30 | 000,763,448 | ---- | C] (Google Inc.) -- C:\Dokumente und Einstellungen\******\Eigene Dateien\ChromeSetup.exe
[2012.12.12 17:27:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\******\IECompatCache
[2012.12.12 17:25:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\******\PrivacIE
[2012.12.12 17:22:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\******\IETldCache
[2012.12.12 17:18:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012.12.12 17:16:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.12.12 17:15:00 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.12.12 17:12:25 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012.12.12 17:10:30 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\******\Eigene Dateien\IE8-WindowsXP-x86-DEU.exe
[2012.12.12 10:11:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Ahead
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.19 16:53:03 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.12.19 16:50:04 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.19 16:49:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.19 16:48:21 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.19 16:48:14 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\ebtxeqrmt.job
[2012.12.19 16:48:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.19 16:48:10 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.19 16:46:01 | 000,408,480 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.12.19 16:46:01 | 000,397,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.12.19 16:46:01 | 000,068,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.12.19 16:46:01 | 000,057,864 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.19 16:43:57 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BABF1A8-644A-4852-9460-90FC27F03E2A}.job
[2012.12.18 09:05:02 | 000,278,161 | ---- | M] () -- C:\Dokumente und Einstellungen\******\Desktop\gmer1015.zip
[2012.12.18 08:34:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\******\defogger_reenable
[2012.12.18 08:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\******\Desktop\OTL.exe
[2012.12.18 08:28:22 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\******\Desktop\Defogger.exe
[2012.12.17 21:21:30 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.12.17 20:16:20 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.17 19:48:32 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\******\Desktop\gert.exe
[2012.12.12 18:46:56 | 000,001,775 | ---- | M] () -- C:\Dokumente und Einstellungen\******\Desktop\Google Chrome.lnk
[2012.12.12 18:45:37 | 000,763,448 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\******\Eigene Dateien\ChromeSetup.exe
[2012.12.12 17:10:35 | 017,010,016 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\******\Eigene Dateien\IE8-WindowsXP-x86-DEU.exe
[2012.12.12 10:09:07 | 000,002,531 | ---- | M] () -- C:\Dokumente und Einstellungen\******\Desktop\Microsoft PowerPoint.lnk
[2012.12.12 09:53:09 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.12.18 09:05:46 | 000,278,161 | ---- | C] () -- C:\Dokumente und Einstellungen\******\Desktop\gmer1015.zip
[2012.12.18 08:34:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\******\defogger_reenable
[2012.12.18 08:34:09 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\******\Desktop\Defogger.exe
[2012.12.17 21:21:30 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.12.17 20:16:20 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.12 18:46:56 | 000,001,775 | ---- | C] () -- C:\Dokumente und Einstellungen\******\Desktop\Google Chrome.lnk
[2012.12.12 18:45:46 | 000,001,112 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.12 18:45:45 | 000,001,108 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.12 17:27:46 | 000,000,442 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BABF1A8-644A-4852-9460-90FC27F03E2A}.job
[2012.12.11 13:17:27 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\ebtxeqrmt.job
[2012.02.16 11:43:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.12 08:47:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.03.01 12:24:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\capictrl.INI
[2008.07.29 07:42:54 | 000,000,150 | ---- | C] () -- C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2008.07.29 07:42:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Chris4You 20.12.2012 08:18
Hi,

wie verhält sich der Rechner, sind noch Umleitungen da?

chris

elric78 20.12.2012 10:39
Hallo Chris,

der Rechner verhält sich wieder völlig normal. Danke für die Hilfe.

Ist der Fall damit abgeschlossen?

MfG
Stephan

Chris4You 20.12.2012 11:06
Hi,

im Prinzip ja, man könnte noch die Askbar runterschmeissen und wir löschen noch die Backups von OTL (da hängt das kleine Tierchen noch ab... ;o)...

Falls der Rechner einwandfrei läuft, können die Backups der
Bereinigungstools gelöscht werden (soweit vorhanden):
  • OLT und das Verzeichnis C:\_OTL löschen...

Schöne Weihnacht&guten Rutsch noch,
chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19