Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus stört Firefox und alle Antivirus Progs.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.09.2010, 01:18   #1
KeinenNick
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



Irgendein "Plagegeist" hat sich auf meinem Lap Top eingenistet. Seit dem fuktionieren nur mehr wenige Websiten mit Firefox, kein E-mail Abruf und sämtliche Software die ich gegen Viren hab stürtzt ab sobald es den Ordner recycle.Bin scant!
Zur Info: Hab WIn Vista laufen.

Vieleicht kennt Ihr ja ein Programm was ich laufen lassen könnt: (AntiVir, Adware,Malwarebytes, stürzen sofort ab)

Ich möchte mich schon im Voraus bei all jenen Bedanken die sich über mein Problem Gedanken machen!

Alt 13.09.2010, 14:06   #2
markusg
/// Malware-holic
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide.
__________________


Alt 13.09.2010, 22:52   #3
KeinenNick
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



OTL.TXT:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.09.2010 22:35:34 - Run 2
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\Jimmy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 361,81 Gb Free Space | 83,46% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,55 Gb Free Space | 54,48% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,73 Gb Total Space | 0,64 Gb Free Space | 17,11% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JIMMY-PC
Current User Name: Jimmy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jimmy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - G:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Connection Manager\sysctrl.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jimmy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (STacSV) -- c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WPN111) -- C:\Windows\System32\DRIVERS\WPN111v.sys File not found
DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com/ [binary data]
IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.18
FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={B264E225-5D95-4611-67ED-51BC5777389A}&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.13 00:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.13 00:43:25 | 000,000,000 | ---D | M]
 
[2009.09.17 12:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mozilla\Extensions
[2010.09.13 21:36:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\m0chm78r.default\extensions
[2010.04.04 17:03:33 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\m0chm78r.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.09.17 17:21:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\m0chm78r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.13 22:27:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.25 06:21:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.25 06:21:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.25 06:21:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.25 06:21:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.25 06:21:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.02.07 23:33:42 | 000,002,657 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       hxxp://www.adobeereg.com
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       192.150.18.108
O1 - Hosts: 30 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Z810SysStart] C:\Programme\Connection Manager\sysctrl.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4163552127-872894075-1681724628-1000..\Run: [SpybotSD TeaTimer] G:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-4163552127-872894075-1681724628-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4163552127-872894075-1681724628-1000..\Run: [Z810SysStart] C:\Programme\Connection Manager\sysctrl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{4648e6e7-bf44-11df-a0fc-001f162806af}\Shell - "" = AutoRun
O33 - MountPoints2\{4648e6e7-bf44-11df-a0fc-001f162806af}\Shell\AutoRun\command - "" = I:\Startme.exe -- File not found
O33 - MountPoints2\{6f1c4ab6-a369-11de-8f38-001f162806af}\Shell - "" = AutoRun
O33 - MountPoints2\{6f1c4ab6-a369-11de-8f38-001f162806af}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ccefcf2e-e409-11de-846c-001f162806af}\Shell - "" = AutoRun
O33 - MountPoints2\{ccefcf2e-e409-11de-846c-001f162806af}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{dd53f965-a7c1-11de-8551-001f162806af}\Shell - "" = AutoRun
O33 - MountPoints2\{dd53f965-a7c1-11de-8551-001f162806af}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: MDS_Menu - hkey= - key= - C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: snp2uvc - hkey= - key= - C:\Windows\vsnp2uvc.exe File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: tsnp2uvc - hkey= - key= - C:\Windows\tsnp2uvc.exe ()
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: Z810PNP - hkey= - key= - C:\Programme\Connection Manager\SamsungPnPServiceManager.exe ()
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.13 21:43:19 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.09.13 21:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.09.12 21:35:36 | 001,913,032 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jimmy\Desktop\HousecallLauncher.exe
[2010.09.12 21:12:59 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
[2010.09.12 20:58:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.12 20:58:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.12 20:58:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.12 20:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.12 20:52:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.09.12 17:01:31 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.09.12 17:01:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.09.12 17:00:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF}
[2010.09.12 16:59:52 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.09.12 16:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.08.22 15:05:48 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2009.07.23 04:36:52 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.07.23 04:36:51 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.13 22:35:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0E42B1F-2849-4B8D-A516-D66190011D5C}.job
[2010.09.13 22:34:25 | 002,621,440 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT
[2010.09.13 22:16:49 | 000,079,117 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.13 22:16:49 | 000,079,117 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.13 22:16:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.13 22:16:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 22:16:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 22:16:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.13 22:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.13 22:16:17 | 3184,390,144 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.13 22:15:38 | 000,524,288 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.13 22:15:38 | 000,065,536 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.13 22:04:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.13 21:58:52 | 000,000,625 | ---- | M] () -- C:\Users\Jimmy\Desktop\Spybot - Search & Destroy.lnk
[2010.09.13 19:12:37 | 000,020,664 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat
[2010.09.13 18:39:38 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.13 18:39:38 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.13 18:39:38 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.13 18:39:38 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.13 18:39:38 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.13 16:41:26 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5343E896-89C9-43C4-B38B-73BEB8CD58C2}.job
[2010.09.13 00:40:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.12 23:12:03 | 002,008,924 | -H-- | M] () -- C:\Users\Jimmy\AppData\Local\IconCache.db
[2010.09.12 21:35:44 | 000,000,036 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\housecall.guid.cache
[2010.09.12 21:32:56 | 001,913,032 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jimmy\Desktop\HousecallLauncher.exe
[2010.09.12 21:06:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
[2010.09.12 21:01:33 | 314,891,564 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.12 20:58:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 17:00:16 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.09.10 13:06:14 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.09.08 14:59:42 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.09.05 18:55:25 | 000,049,152 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.05 18:11:58 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.22 15:05:57 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.08.21 15:11:16 | 000,363,520 | ---- | M] () -- C:\Users\Jimmy\Desktop\herbert.exe
 
========== Files Created - No Company Name ==========
 
[2010.09.13 22:16:17 | 3184,390,144 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.13 21:43:23 | 000,000,625 | ---- | C] () -- C:\Users\Jimmy\Desktop\Spybot - Search & Destroy.lnk
[2010.09.12 21:35:44 | 000,000,036 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\housecall.guid.cache
[2010.09.12 20:58:40 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 20:38:09 | 000,363,520 | ---- | C] () -- C:\Users\Jimmy\Desktop\herbert.exe
[2010.09.12 17:00:16 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.08.22 15:05:57 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2009.12.24 12:52:53 | 000,000,680 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\d3d9caps.dat
[2009.12.06 17:27:42 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.12.06 17:27:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.12.06 17:27:37 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.06 17:27:37 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.06 17:27:36 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.12.06 17:27:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.06 17:27:33 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.09.29 20:16:00 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.09.29 20:16:00 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\253D7348A0.sys
[2009.09.23 19:36:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.22 23:48:19 | 000,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.09.19 16:29:42 | 000,049,152 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.18 14:09:02 | 000,020,664 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat
[2009.09.17 22:44:20 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.28 08:50:54 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.07.23 04:36:52 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.07.23 04:36:52 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.07.23 04:36:51 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.07.22 13:34:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.22 11:09:36 | 000,079,117 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.22 11:09:29 | 000,079,117 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.16 16:21:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\RagTimeSearch.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2009.09.17 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\BullGuard
[2010.04.08 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Template
[2010.04.08 20:16:34 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Windows Live Writer
[2010.02.08 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FileZilla
[2009.12.03 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\RagTime
[2009.09.18 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Template
[2010.09.13 00:40:09 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.13 16:41:26 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5343E896-89C9-43C4-B38B-73BEB8CD58C2}.job
[2010.09.13 22:35:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E0E42B1F-2849-4B8D-A516-D66190011D5C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< etsvcs >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.03 21:57:15 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Adobe
[2010.06.04 10:29:41 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Corel
[2010.06.04 10:33:55 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\CorelHomeOffice
[2009.09.17 23:24:14 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\CyberLink
[2010.07.25 12:03:48 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\DivX
[2010.02.08 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FileZilla
[2009.09.17 11:13:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Identities
[2009.09.17 12:34:34 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Media Center Programs
[2009.12.06 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Media Player Classic
[2010.05.23 14:59:41 | 000,000,000 | --SD | M] -- C:\Users\Jimmy\AppData\Roaming\Microsoft
[2009.09.17 12:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Mozilla
[2009.09.21 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Nero
[2009.12.03 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\RagTime
[2010.03.03 17:46:02 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Real
[2010.05.23 14:48:43 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Skype
[2010.05.23 10:03:19 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\skypePM
[2009.09.18 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Template
[2009.09.19 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.04.04 17:03:35 | 000,177,024 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\m0chm78r.default\FlashGot.exe
[2010.06.17 13:54:59 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Jimmy\AppData\Roaming\Real\Update\setup3.10\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.05.03 17:32:29 | 000,000,385 | ---- | M] () -- C:\10099.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.03.11 16:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.03.11 16:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.03.11 16:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.09.22 23:48:19 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< End of report >
         
--- --- ---


Extras.TXT:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.09.2010 22:35:34 - Run 2
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\Jimmy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 361,81 Gb Free Space | 83,46% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,55 Gb Free Space | 54,48% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,73 Gb Total Space | 0,64 Gb Free Space | 17,11% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JIMMY-PC
Current User Name: Jimmy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4163552127-872894075-1681724628-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058F3C86-7564-4988-905F-30B8E0CCAB33}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{16EAF33A-D818-46CD-B250-F158D50ECEDA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1DAE327E-B0FF-49B6-A2D0-45383C543889}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2EC2817E-8F8A-4E16-B75E-0109F55D04AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{380412A6-5475-412B-9E2B-5EE0E1558B37}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3993375B-DCDD-4096-A783-58791490ADAD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{465B67F3-7036-4AE7-997D-7BBEA6344252}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B2F923E-AD3A-4872-928C-02C0640E8337}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4BA183E2-D003-48A6-B6DF-5966A0751A49}" = lport=138 | protocol=17 | dir=in | app=system | 
"{55D1877E-9DCC-4597-A5F6-0BA3B0C61094}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{58339FB5-C704-4D10-BF19-FDC1EC30BEEF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{64D9DC43-2039-478E-A1CA-3F727E6BEE85}" = lport=445 | protocol=6 | dir=in | app=system | 
"{64EFCFF8-0338-427B-9891-460AF89221C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6B2465ED-128B-4B8D-B4C3-C9B5AEDFD2B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74799244-D050-4E71-9696-61B4E14656D1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7A3AAD00-E780-46A9-B94C-5DF4ACE276BF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{82999C3C-7B15-44BB-A766-8A1D24F30A7F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{865E4305-C836-4159-ACF5-B9229B83681E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9ECB82AC-BB76-4682-9214-32A3A7674027}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AAB9E97F-18C4-4B2F-8C20-1317833F3BCE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AED83EF6-ABEB-4011-AAD4-D8C3F806AC36}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B71CFBEA-71B9-4FAB-8079-C67B3CEE6CC5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CDA8DD31-6B13-4230-8123-D1439E55DAF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D14ECBA1-A3F2-49C4-AE18-0E840556D2E2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D519CC83-7D29-4905-AE1D-A934CFB610ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E474A8CC-E124-4CC5-AE67-BD8C3FE1EF20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E6C2E02B-F99D-4610-9104-87E2FB8D43B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EF8DB51D-DAE7-42AB-A88F-5359BA4FEAFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F3EEAFE0-140B-4C8B-B10C-854E9DF23E2B}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0694711B-11F4-40AB-A039-FCBCFD279830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08C19248-BB11-4A7F-8F70-C90CA79805CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1039ECC3-8712-485F-A6E2-33AE1EAA8430}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{28C960FD-5978-4A3A-96A9-5BCBE7A8641E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2CC4EEAF-45DB-4F93-BEB6-5C7A715A03A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{34E5B323-F847-46CF-B071-50B255A5635D}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{393481C9-82AF-4DF0-AA09-524517BB37EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3EBE6B19-49B3-4AF1-BD82-84E477ED08BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{490661A8-AE39-4A5A-8C97-6EC67D39019F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{499F371A-639B-4A50-9237-E84036051E4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B33745D-1083-48CF-82C1-F6E67127BC72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{56557CD8-40BE-41F9-8070-BE4BC0B32B5F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{68EC4703-B90E-4AD2-B469-8CD6A0248B5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{799981C2-B717-4CE2-8D7B-65BF31020349}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C89804A-D966-4884-BC6A-160F0D389CD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8155B751-9ACE-4E3F-BAD4-7342A7E22DC9}" = protocol=6 | dir=out | app=system | 
"{8DF446B6-02DE-45FB-A088-4BC043AEB62C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{906AB818-50B9-4EB2-9C10-2F929C7BEEB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{94EA1FDE-E17B-4632-8AEC-771B64DEFB9F}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{9BBCFDF7-FFE6-425A-A2FF-D53807B81051}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C1E1F7CF-D18C-4ABD-BDC1-38AA86437463}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4E73B70-5D94-4F46-BCE3-E486E59CD402}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{CBC567D4-D312-40E7-8141-163169B5611D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD59E4F1-1D0D-4470-A210-A86848A1888C}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{EBC5C811-FF9F-40E9-BFC5-1C02BA6B5ACF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F1F6439C-DCE1-438A-9337-57F058ED78BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB5E1C9D-FA50-4A2C-A897-986B45FC6F49}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"TCP Query User{1E891177-9309-4930-8DAF-E29710B75A3D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{6C563F4B-4247-4AE3-9028-E3656784DBE2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{A9CF2462-977F-49D4-AE21-9E64AB58F141}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D4AC4E7A-649C-4904-A8BE-4C9A660B0B66}C:\program files\ragtime 6.5\win32\ragtime 6.5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime 6.5\win32\ragtime 6.5.exe | 
"TCP Query User{EC0C2A08-C515-481B-9DD9-EE330023273E}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{EFBEA0EB-F981-4CEA-8C3A-478DB9F27E2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{002077AC-EB14-41C0-8CB2-550C6800BDFF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{06FB32EE-04BE-43D1-95AD-BB7DF6F9E0D6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{2E1C2AA2-FE3A-4243-BBCA-94798FB7002D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{3C209B25-EF52-4C3B-B9E2-1F2B5C276665}C:\program files\ragtime 6.5\win32\ragtime 6.5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime 6.5\win32\ragtime 6.5.exe | 
"UDP Query User{450007AD-1581-43AC-B2F9-57454A6510D7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{7CA175F9-EDD1-4B23-8382-1570D8D8EB0C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC6A3E2-6EC3-412E-91AB-6F49301421A8}" = Connection Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99591F66-BBF6-4CC7-BC7C-8BB488BD2F9A}" = RagTime 6.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1EA0EB-0E03-407E-A8CB-35667746FEA8}" = Connection Manager
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.17
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.0.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Win2day Poker" = Win2day Poker
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.09.2010 16:11:05 | Computer Name = Jimmy-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.09.2010 16:11:30 | Computer Name = Jimmy-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2010 16:14:36 | Computer Name = Jimmy-PC | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsm.exe ist fehlgeschlagen
 mit den Statuscode 1. Der Computer muss neu gestartet werden.
 
Error - 13.09.2010 16:15:01 | Computer Name = Jimmy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description = 
 
Error - 13.09.2010 16:16:37 | Computer Name = Jimmy-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 13.09.2010 16:17:02 | Computer Name = Jimmy-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 13.09.2010 16:17:08 | Computer Name = Jimmy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2010 16:17:10 | Computer Name = Jimmy-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 13.09.2010 16:36:16 | Computer Name = Jimmy-PC | Source = SPP | ID = 16387
Description = 
 
[ Media Center Events ]
Error - 17.06.2010 14:50:49 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 17.06.2010 14:56:32 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 17.06.2010 14:56:37 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 17.06.2010 14:58:57 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 21.07.2010 14:04:11 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 53
Description = Ereignisinformationen: TV-Programmdienst: Unerwarteter Fehler. Der
 TV-Programmlistendienst ist zurzeit nicht verfügbar. Wiederholen Sie den Vorgang
 später. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton 
 
Error - 22.07.2010 16:06:35 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 23.07.2010 13:06:24 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 34
Description = Ereignisinformationen: Ermittlungsdienst: Unerwarteter Fehler. Der
 TV-Programmlistendienst ist zurzeit nicht verfügbar. Wiederholen Sie den Vorgang
 später. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton 
 
Error - 08.08.2010 14:13:05 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 08.08.2010 14:13:05 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 12.09.2010 12:10:58 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 34
Description = Ereignisinformationen: Ermittlungsdienst: Unerwarteter Fehler. Der
 TV-Programmlistendienst ist zurzeit nicht verfügbar. Wiederholen Sie den Vorgang
 später. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton 
 
[ System Events ]
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.09.2010 16:16:24 | Computer Name = Jimmy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.09.2010 um 22:14:13 unerwartet heruntergefahren.
 
Error - 13.09.2010 16:17:09 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.09.2010 16:17:09 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 13.09.2010 16:17:09 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 13.09.2010 16:17:10 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 13.09.2010, 22:58   #4
KeinenNick
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



Vielleicht hilft auch das weiter: Mir fällt auf das sich in unregelmäßigen Abständen Firefox mit Yahoo öffnet ohne das man was macht.

Lg

Alt 14.09.2010, 12:09   #5
markusg
/// Malware-holic
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



deinstaliere spybot, es stört die reinigung.
starte neu.
deinstaliere adaware, nutzt die gleiche engine wie avira, starte neu.
toolbars sind ein sicherheitsrisiko, und machen den browser langsamer, deinstaliere:
windows live toolbar.

• Starte bitte die OTL.exe.
• Kopiere nun das Folgende in die Textbox.

:OTL
DRV - (WPN111) -- C:\Windows\System32\DRIVERS\WPN111v.sys File not found
DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEFv=18q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O33 - MountPoints2\{4648e6e7-bf44-11df-a0fc-001f162806af}\Shell\AutoRun\command - "" = I:\Startme.exe -- File not found
O33 - MountPoints2\{6f1c4ab6-a369-11de-8f38-001f162806af}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ccefcf2e-e409-11de-846c-001f162806af}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{dd53f965-a7c1-11de-8551-001f162806af}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Files
:Commands
[purity]
[resethosts]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix


Alt 14.09.2010, 20:03   #6
KeinenNick
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



All processes killed
========== OTL ==========
Service WPN111 stopped successfully!
Service WPN111 deleted successfully!
File C:\Windows\System32\DRIVERS\WPN111v.sys File not found not found.
Service Trufos stopped successfully!
Service Trufos deleted successfully!
File C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found not found.
Service Profos stopped successfully!
Service Profos deleted successfully!
File C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEFv=18q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "Fast Browser Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LMgrOSD deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4648e6e7-bf44-11df-a0fc-001f162806af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4648e6e7-bf44-11df-a0fc-001f162806af}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f1c4ab6-a369-11de-8f38-001f162806af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f1c4ab6-a369-11de-8f38-001f162806af}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccefcf2e-e409-11de-846c-001f162806af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccefcf2e-e409-11de-846c-001f162806af}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd53f965-a7c1-11de-8551-001f162806af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd53f965-a7c1-11de-8551-001f162806af}\ not found.
File F:\Setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Eva
->Flash cache emptied: 1462 bytes

User: Jimmy
->Flash cache emptied: 46449 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

Alt 14.09.2010, 20:06   #7
markusg
/// Malware-holic
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



das ist nicht komplett

Alt 14.09.2010, 22:16   #8
KeinenNick
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



Dieses File kommt aber nach dem Neustart nachdem ich auf "Run Fix" geklickt hab.

Alt 14.09.2010, 22:31   #9
KeinenNick
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



ComboFix lässt sich nicht starten.... weder im Normal noch im abgesicherten Modus.

Lg

Alt 15.09.2010, 11:48   #10
markusg
/// Malware-holic
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



lösche combofix.exe lad es erneut runter, rechtsklick auf den download link, ziehl speichern unter, lösche den namen combofix.exe
und benenne es in
1123.com
um
starte es dann erneut.

Alt 16.09.2010, 18:10   #11
KeinenNick
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



Combofix Logfile:
Code:
ATTFilter
ComboFix 10-09-14.01 - Jimmy 16.09.2010  17:55:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3036.2216 [GMT 2:00]
ausgeführt von:: c:\users\Jimmy\Desktop\12345.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\10099.exe

Infizierte Kopie von c:\windows\system32\drivers\disk.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-16 bis 2010-09-16  ))))))))))))))))))))))))))))))
.

2010-09-16 16:06 . 2010-09-16 16:06	--------	d-----w-	c:\users\Jimmy\AppData\Local\temp
2010-09-13 19:43 . 2010-09-14 20:14	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-09-13 19:43 . 2010-09-13 19:43	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-09-12 18:58 . 2010-09-15 10:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-12 15:01 . 2010-09-14 17:43	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-09-12 14:59 . 2010-09-14 17:43	--------	d-----w-	c:\programdata\Lavasoft
2010-08-22 13:05 . 2010-08-22 13:20	--------	d-----w-	c:\program files\JDownloader

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 15:53 . 2009-07-22 09:09	79117	----a-w-	c:\programdata\nvModes.dat
2010-09-16 15:52 . 2009-07-23 02:43	12	----a-w-	c:\windows\bthservsdp.dat
2010-09-15 18:54 . 2009-09-18 12:09	21066	----a-w-	c:\users\Jimmy\AppData\Roaming\wklnhst.dat
2010-09-14 20:22 . 2009-09-17 09:14	88256	----a-w-	c:\users\Jimmy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-13 16:39 . 2009-07-22 16:39	623280	----a-w-	c:\windows\system32\perfh007.dat
2010-09-13 16:39 . 2009-07-22 16:39	125378	----a-w-	c:\windows\system32\perfc007.dat
2010-09-12 22:43 . 2010-02-28 20:18	--------	d-----w-	c:\programdata\FLEXnet
2010-08-12 11:10 . 2009-07-22 13:27	--------	d-----w-	c:\program files\Microsoft Works
2010-08-12 11:04 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-25 10:03 . 2010-05-30 12:41	--------	d-----w-	c:\users\Jimmy\AppData\Roaming\DivX
2010-06-26 06:05 . 2010-08-11 14:43	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 14:43	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-11 14:43	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-11 14:43	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 14:43	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 14:43	36864	----a-w-	c:\windows\system32\rtutils.dll
2009-09-29 18:18 . 2009-09-29 18:16	88	--sh--r-	c:\windows\System32\253D7348A0.sys
2010-06-04 08:25 . 2009-09-29 18:16	2828	--sha-w-	c:\windows\System32\KGyGaAvL.sys
2009-03-11 14:14 . 2009-03-11 14:09	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-08-22 307200]
"SpybotSD TeaTimer"="g:\spybot - search & destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-29 450660]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-04-10 191488]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-07-07 343552]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2009-08-05 413696]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-08-22 307200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-22 21:55	4608	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07	1828136	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2009-02-25 12:40	218408	------w-	c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-02-22 09:40	207504	----a-w-	c:\program files\pdf24\pdf24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 21:54	50472	------w-	c:\program files\HomeCinema\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 13:27	25623336	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-29 13:51	198160	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2uvc]
2008-08-28 13:03	233472	----a-w-	c:\windows\tsnp2uvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 20:16	222504	------w-	c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810PNP]
2008-10-09 21:37	118784	----a-w-	c:\program files\Connection Manager\SamsungPnPServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4163552127-872894075-1681724628-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca3bd359d9d810;Google Update Service (gupdate1ca3bd359d9d810);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 133104]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-06-17 41984]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-03-04 113152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-09-22 716272]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-03-12 113504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-07-27 508416]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 22:23]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 22:23]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{5343E896-89C9-43C4-B38B-73BEB8CD58C2}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{E0E42B1F-2849-4B8D-A516-D66190011D5C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\m0chm78r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={B264E225-5D95-4611-67ED-51BC5777389A}&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-16 18:06
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Z810SysStart = c:\program files\Connection Manager\sysctrl.exe?????????}????????????l??????@??t????}???????????}???????r??v>???}???????????}??????????????????????v???? ??v?m?????????va??v?%??????>???????$???????????????p??????????????v???v????????????????????????L???-R?v 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Z810SysStart = c:\program files\Connection Manager\sysctrl.exe?????????}????????????l??????@??t????}???????????}???????r??v>???}???????????}??????????????????????v???? ??v?m?????????va??v?%??????>???????$???????????????p??????????????v???v????????????????????????L???-R?v 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-16  18:08:41
ComboFix-quarantined-files.txt  2010-09-16 16:08

Vor Suchlauf: 7 Verzeichnis(se), 423.336.833.024 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 423.274.045.440 Bytes frei

- - End Of File - - 4524F6ED3170B4C7D4C269F13CE865EA
         
--- --- ---

Alt 16.09.2010, 18:20   #12
markusg
/// Malware-holic
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



rechtsklick avira schirm, guard deaktivieren.
öffne mein computer, c:
qoobox rechtsklick auf quarantain und zu quarantain.zip oder rar hinzufügen. das archiv hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html
deinstaliere spybot, starte neu.
download malwarebytes.
http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html
instalieren, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme, auch avira aus, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde löschen, avira + internet ein, log posten.

Alt 16.09.2010, 21:01   #13
KeinenNick
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



Datei Upload hab ich so ausgeführt wie in der Anleitung beschrieben. Weiß aber nicht ob des funktioniert hat.
Firefox funzt wieder ganz normal!
Nachmals vielen Dank für deine Unterstützung!




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4629

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

16.09.2010 20:57:17
mbam-log-2010-09-16 (20-57-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 304834
Laufzeit: 1 Stunde(n), 21 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 16.09.2010, 21:03   #14
markusg
/// Malware-holic
 
Virus stört Firefox und alle Antivirus Progs. - Standard

Virus stört Firefox und alle Antivirus Progs.



das ist ja schon mal n anfang
avira
http://www.trojaner-board.de/54192-a...tellungen.html
avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm.
klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten.

Antwort

Themen zu Virus stört Firefox und alle Antivirus Progs.
adware, antivir, antivirus, bedanken, e-mail, firefox, lap top, malwarebytes, ordner, plagegeist, problem, programm, progs, recycle.bin, scan, sobald, sofort, software, stürtzt, stürzen, sämtliche, viren, virus, vista, website, wenige, win, win vista



Ähnliche Themen: Virus stört Firefox und alle Antivirus Progs.


  1. Langsamer Firefox stört!
    Plagegeister aller Art und deren Bekämpfung - 10.12.2015 (106)
  2. Firefox stürzt fast alle 10min ab
    Plagegeister aller Art und deren Bekämpfung - 02.11.2015 (9)
  3. Firefox Add-Ons sind nicht alle aktuell
    Alles rund um Windows - 06.10.2015 (3)
  4. Avira Antivirus: "Gleicher Schutz für alle!"
    Nachrichten - 02.07.2014 (0)
  5. Deal Finder Firefox stört beim surfen wie löschen?
    Plagegeister aller Art und deren Bekämpfung - 17.01.2014 (17)
  6. Win 7 Antivirus 2012 meldet Trojaner, blockiert alle Programme
    Log-Analyse und Auswertung - 29.12.2011 (11)
  7. Virus der Internet stört?
    Log-Analyse und Auswertung - 22.09.2011 (1)
  8. Antivirus: zeigt alle 10 Sekunden Virus an (Recycle.Bin\...)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2011 (1)
  9. Virus der alle Antivirus Seiten blockiert!
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (20)
  10. Firefox lädt nicht alle Seiten
    Log-Analyse und Auswertung - 08.10.2010 (18)
  11. Antivirus löscht unter anderem Firefox
    Plagegeister aller Art und deren Bekämpfung - 01.01.2009 (3)
  12. ein mir unbekanter plagegeist deaktiviert mir alle antivirus programme
    Mülltonne - 23.11.2008 (0)
  13. FireFox öffnet alle paar Minuten neuen Tab
    Mülltonne - 22.10.2008 (0)
  14. Firefox Werbefenster alle 30 Sekunden/HJT Log-File
    Log-Analyse und Auswertung - 16.07.2008 (0)
  15. Virus -> exe Dateien der Antiviren-Progs weg
    Plagegeister aller Art und deren Bekämpfung - 10.11.2007 (8)
  16. Hilfe ich hab nen Virus und der löscht alle Antivirus Dateien!
    Plagegeister aller Art und deren Bekämpfung - 07.02.2007 (11)
  17. Virus Entdeckt in allen Progs!!
    Plagegeister aller Art und deren Bekämpfung - 28.05.2004 (12)

Zum Thema Virus stört Firefox und alle Antivirus Progs. - Irgendein "Plagegeist" hat sich auf meinem Lap Top eingenistet. Seit dem fuktionieren nur mehr wenige Websiten mit Firefox, kein E-mail Abruf und sämtliche Software die ich gegen Viren hab stürtzt - Virus stört Firefox und alle Antivirus Progs....
Archiv
Du betrachtest: Virus stört Firefox und alle Antivirus Progs. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.