Internetseiten öffnen sich von selbst

PcInfected · 29.10.2010, 08:25

Hallo Leute,
Habe das Problem, das wenn ich manchmal im Internet bin, sich einfach so irgendwelche Seiten öffnen, meist VideoDictionary.com.
Habe avast! und Malwarebyts komplett durchlaufen lassen, und beide haben nichts gefunden. Was könnte das sein ?

Chris4You · 29.10.2010, 09:17

Hi,

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris
Ps.: Bin erst wieder morgen online (frühestens)...

PcInfected · 29.10.2010, 10:13

Das hier ist die Extras.Txt Logfile von OTL :

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 29.10.2010 10:56:05 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Dokumente und Einstellungen\Earny\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,53 Gb Total Space | 17,76 Gb Free Space | 47,32% Space Free | Partition Type: NTFS
Drive D: | 34,56 Gb Total Space | 34,09 Gb Free Space | 98,64% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,45 Gb Free Space | 18,36% Space Free | Partition Type: FAT32
 
Computer Name: WERNER | User Name: Earny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\Messenger\msmsgs.exe" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" = C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- File not found
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D8536A5-CB40-1EE1-DABD-DDB078E97AFB}" = netdesignerPRO
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71310568-C4A9-4E84-A2DA-40823D28F4BF}" = netdesigner
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{763E8D6C-0098-4FF4-801A-3F311D2D9D80}" = Apple Mobile Device Support
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{974C05A0-C76C-4724-A9A2-11D5D1355729}" = iTunes
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AFDC0E03-F491-4A80-9EBE-46FD05FA53DD}" = SymNet
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F325CF11-27CE-4872-8022-6E9EB27DF24F}" = NAVShortcut
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Image Converter_is1" = AVS Image Converter 1.1.3.71
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Updater" = Google Updater
"HP Photo & Imaging" = HP Image Zone 4.2
"hp psc 1310 series_Driver" = hp psc 1310 series
"HyperCam 2" = HyperCam 2
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSNINST" = MSN
"netdesigner" = netdesigner 
"netfoto.ch.AD8D60F8E4A090C6E6ED2EA5F019293CE7B5FB4D.1" = netdesignerPRO
"Nokia PC Suite" = Nokia PC Suite
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"S3" = UniChrome Graphics Driver and Utilities
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"Uninstall_is1" = Uninstall 1.0.0.1
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"I-Doser v4" = I-Doser v4
"OpenOffice.org 1.1.4" = OpenOffice.org 1.1.4
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.10.2010 09:22:26 | Computer Name = WERNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul shmedia.dll, Version 6.0.2900.5512, Fehleradresse 0x0000ac54.
 
Error - 27.10.2010 09:22:31 | Computer Name = WERNER | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 735618682.
 
Error - 27.10.2010 09:22:48 | Computer Name = WERNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul shmedia.dll, Version 6.0.2900.5512, Fehleradresse 0x0000ac54.
 
Error - 27.10.2010 09:23:16 | Computer Name = WERNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul shmedia.dll, Version 6.0.2900.5512, Fehleradresse 0x0000ac54.
 
Error - 27.10.2010 09:23:26 | Computer Name = WERNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul shmedia.dll, Version 6.0.2900.5512, Fehleradresse 0x0000ac54.
 
Error - 28.10.2010 08:27:21 | Computer Name = WERNER | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.10.2010 08:27:48 | Computer Name = WERNER | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.10.2010 13:23:37 | Computer Name = WERNER | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.10.2010 13:23:50 | Computer Name = WERNER | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.10.2010 02:50:27 | Computer Name = WERNER | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ System Events ]
Error - 29.10.2010 00:17:15 | Computer Name = WERNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 29.10.2010 00:17:15 | Computer Name = WERNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Guard NT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 29.10.2010 00:17:15 | Computer Name = WERNER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SYMTDI
 
Error - 29.10.2010 02:50:17 | Computer Name = WERNER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error - 29.10.2010 02:51:03 | Computer Name = WERNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 29.10.2010 02:51:03 | Computer Name = WERNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Guard NT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 29.10.2010 02:51:03 | Computer Name = WERNER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SYMTDI
 
Error - 29.10.2010 03:09:29 | Computer Name = WERNER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 29.10.2010 04:24:08 | Computer Name = WERNER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 29.10.2010 04:44:39 | Computer Name = WERNER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
 
< End of report >

--- --- ---

Und das die OTL.Txt Logfile auch von OTL:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.10.2010 10:56:05 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Dokumente und Einstellungen\Earny\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,53 Gb Total Space | 17,76 Gb Free Space | 47,32% Space Free | Partition Type: NTFS
Drive D: | 34,56 Gb Total Space | 34,09 Gb Free Space | 98,64% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,45 Gb Free Space | 18,36% Space Free | Partition Type: FAT32
 
Computer Name: WERNER | User Name: Earny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Earny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Google\Google Updater\GoogleUpdater.exe (Google)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Earny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe File not found
SRV - (NSCService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE File not found
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found
SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Guard NT) -- C:\Programme\Aon\AonVirenchecker\GuardNT\guardNt.exe File not found
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe File not found
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NTGUARD) -- C:\Programme\Aon\AonVirenchecker\GuardNT\NTGUARD.SYS File not found
DRV - (mdxgthkn) -- C:\DOKUME~1\Earny\LOKALE~1\Temp\mdxgthkn.sys File not found
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found
DRV - (cmuda) -- C:\WINDOWS\System32\drivers\cmuda.sys File not found
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (netrcacm) -- C:\WINDOWS\system32\drivers\netrcacm.sys (Thomson Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = MSN Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.msn.de/spresults.aspx?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.vol.at/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.29 06:19:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 06:19:38 | 000,000,000 | ---D | M]
 
[2010.03.17 20:03:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Extensions
[2010.10.28 22:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\extensions
[2010.08.18 19:11:14 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.10.10 12:49:39 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.08.02 17:02:56 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\searchplugins\conduit.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\searchplugins\icqplugin.xml
[2010.08.28 00:18:08 | 000,010,017 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\searchplugins\mywebsearch.xml
[2010.10.28 22:14:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.23 22:42:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.12 22:24:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 22:24:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.12 22:24:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.12 22:24:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.12 22:24:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.19 07:08:38 | 000,002,791 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 217.23.7.114 www.google.com 
O1 - Hosts: 217.23.7.114 google.com 
O1 - Hosts: 217.23.7.114 google.com.au 
O1 - Hosts: 217.23.7.114 www.google.com.au
O1 - Hosts: 217.23.7.114 google.be 
O1 - Hosts: 217.23.7.114 www.google.be
O1 - Hosts: 217.23.7.114 google.com.br 
O1 - Hosts: 217.23.7.114 www.google.com.br
O1 - Hosts: 217.23.7.114 google.ca 
O1 - Hosts: 38 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck]  File not found
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 10
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} hxxp://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096728815609 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://194.183.159.63/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} hxxp://download.energyfactor.com/dialer/it/activex_259_it.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.183.128.35 194.183.128.36
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - hxxp://de.wrs.yahoo.com/S=2114718014/K=tornadoes/v=2/SID=e/l=IVS/;_ylt=Ah5Bs5sjBO8.jcaBupWnfp8.CQx.;_ylu=X3oDMTA4NDgyNWN0BHNlYwNwcm9m/SIG=12dpkm4qn/EXP=1118245652/*-http%3A//www.steveroach.com/Images/Thumbnails/Tornadoes.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.19 21:44:16 | 000,000,659 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004.10.02 14:15:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.29 10:55:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Earny\Desktop\OTL.exe
[2010.10.29 08:23:55 | 000,000,000 | ---D | C] -- C:\Programme\TrendMicro
[2010.10.28 17:46:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.10.28 17:46:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.10.28 17:46:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\ICQ
[2010.10.28 17:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\AOL
[2010.10.28 17:45:59 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.10.26 19:20:55 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2010.10.26 19:19:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2010.10.26 19:14:41 | 063,363,736 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Earny\Desktop\PowerPointViewer_14.0.4730.1010.exe
[2010.10.24 03:02:01 | 000,000,000 | ---D | C] -- C:\Download
[2010.10.24 03:01:52 | 000,000,000 | ---D | C] -- C:\Nexon
[2010.10.23 22:42:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.23 22:42:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.23 22:42:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.17 16:17:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.10.17 16:16:53 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.10.16 14:12:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010.10.16 14:12:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010.10.16 14:12:14 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media-Komponenten
[2010.10.16 14:09:28 | 000,137,216 | ---- | C] (Hyperionics) -- C:\Programme\CamRes2.dll
[2010.10.16 14:09:28 | 000,044,032 | ---- | C] (Hyperionics) -- C:\Programme\MClick2.dll
[2010.10.16 14:09:27 | 000,925,080 | ---- | C] (Hyperionics) -- C:\Programme\HyCam2.exe
[2010.10.16 14:09:27 | 000,078,248 | ---- | C] (Hyperionics) -- C:\Programme\UnHyCam2.exe
[2010.10.16 13:51:17 | 000,000,000 | ---D | C] -- C:\Programme\HyCam2
[2010.10.16 13:48:19 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.10.16 13:48:18 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.10.16 13:48:16 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.10.16 13:48:15 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.10.16 13:48:12 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.10.16 13:48:12 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.10.16 13:48:12 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.10.16 13:47:55 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.10.16 13:47:55 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010.10.16 13:12:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\AVG10
[2010.10.16 13:07:06 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.10.16 13:05:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.10.16 12:53:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.10.15 13:44:13 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.15 13:44:13 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.15 13:44:03 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.12 14:39:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Earny\Recent
[2010.10.06 21:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010.10.06 21:02:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
[2010.10.06 19:32:27 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2010.10.06 19:32:27 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMCTLde.DLL
[2010.10.06 19:32:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGDE.DLL
[2010.10.06 19:32:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMCT2DE.dll
[2010.10.06 19:32:26 | 001,351,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2010.10.02 23:01:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Adobe
[2010.10.02 23:00:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.10.01 14:57:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Adobe(2)
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.29 10:53:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Earny\Desktop\OTL.exe
[2010.10.29 10:52:17 | 002,415,383 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\SDC11613.JPG
[2010.10.29 10:33:05 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.29 10:33:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.29 08:52:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.29 08:49:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.29 08:49:47 | 1308,151,808 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.29 08:48:45 | 000,001,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010.10.28 20:11:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.10.28 17:47:00 | 000,001,455 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk
[2010.10.28 16:13:02 | 000,008,783 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\.recently-used.xbel
[2010.10.27 19:23:55 | 004,169,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Kelly Clarkson - Behind These Hazel Eyes.mp3
[2010.10.27 16:05:23 | 004,016,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\James Cottriall - Unbreakable (full. new. + lyrics) [HD].mp3
[2010.10.27 15:53:09 | 001,732,322 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0007.avi
[2010.10.27 15:51:08 | 014,706,330 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0006.avi
[2010.10.27 15:49:38 | 004,169,614 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0005.avi
[2010.10.27 15:45:46 | 011,873,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0004.avi
[2010.10.27 15:43:41 | 000,031,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.27 15:43:34 | 057,950,356 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0003.avi
[2010.10.27 15:41:36 | 002,628,050 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0002.avi
[2010.10.27 15:41:11 | 000,842,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0001.avi
[2010.10.27 15:39:22 | 000,848,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0032.avi
[2010.10.27 15:38:14 | 001,488,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0031.avi
[2010.10.27 15:35:19 | 136,454,484 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0030.avi
[2010.10.27 15:21:48 | 004,397,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Gavin Rossdale - Love Remains the Same (with Lyrics).mp3
[2010.10.26 19:58:54 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.26 19:18:58 | 063,363,736 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Earny\Desktop\PowerPointViewer_14.0.4730.1010.exe
[2010.10.24 00:27:31 | 000,001,570 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.17 16:17:01 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.10.17 11:32:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.10.16 13:48:19 | 000,001,668 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2010.10.16 13:48:13 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.10.15 21:24:31 | 000,086,205 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Redcyancow.jpg
[2010.10.15 20:31:40 | 000,114,722 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\20100110162152!Cow-icon.png
[2010.10.15 18:27:21 | 000,029,721 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\MixedCow.32FarmCash.png
[2010.10.15 17:52:19 | 000,000,784 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk
[2010.10.07 12:39:52 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\Default.rdp
[2010.10.06 21:02:18 | 000,000,896 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
[2010.10.06 17:37:35 | 000,485,478 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.06 17:37:35 | 000,442,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.06 17:37:35 | 000,095,352 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.06 17:37:35 | 000,072,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.29 10:51:34 | 002,415,383 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\SDC11613.JPG
[2010.10.28 17:47:00 | 000,001,455 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk
[2010.10.28 16:13:02 | 000,008,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\.recently-used.xbel
[2010.10.27 16:10:11 | 004,169,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Kelly Clarkson - Behind These Hazel Eyes.mp3
[2010.10.27 16:05:40 | 004,016,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\James Cottriall - Unbreakable (full. new. + lyrics) [HD].mp3
[2010.10.27 15:52:52 | 001,732,322 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0007.avi
[2010.10.27 15:50:41 | 014,706,330 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0006.avi
[2010.10.27 15:49:27 | 004,169,614 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0005.avi
[2010.10.27 15:45:20 | 011,873,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0004.avi
[2010.10.27 15:42:09 | 057,950,356 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0003.avi
[2010.10.27 15:41:28 | 002,628,050 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0002.avi
[2010.10.27 15:41:03 | 000,842,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0001.avi
[2010.10.27 15:39:14 | 000,848,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0032.avi
[2010.10.27 15:37:59 | 001,488,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0031.avi
[2010.10.27 15:30:23 | 136,454,484 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0030.avi
[2010.10.27 14:00:46 | 004,397,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Gavin Rossdale - Love Remains the Same (with Lyrics).mp3
[2010.10.17 16:17:01 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.10.16 14:09:28 | 000,199,268 | ---- | C] () -- C:\Programme\HyCam2.chm
[2010.10.16 14:09:28 | 000,005,784 | ---- | C] () -- C:\Programme\HyCam2.tlb
[2010.10.16 14:09:28 | 000,001,186 | ---- | C] () -- C:\Programme\16-44100d.wav
[2010.10.16 14:09:28 | 000,000,956 | ---- | C] () -- C:\Programme\16-44100u.wav
[2010.10.16 14:09:28 | 000,000,652 | ---- | C] () -- C:\Programme\16-22050d.wav
[2010.10.16 14:09:28 | 000,000,587 | ---- | C] () -- C:\Programme\8-44100d.wav
[2010.10.16 14:09:28 | 000,000,442 | ---- | C] () -- C:\Programme\16-22050u.wav
[2010.10.16 14:09:28 | 000,000,421 | ---- | C] () -- C:\Programme\8-44100u.wav
[2010.10.16 14:09:28 | 000,000,340 | ---- | C] () -- C:\Programme\16-11025d.wav
[2010.10.16 14:09:28 | 000,000,326 | ---- | C] () -- C:\Programme\16-11025u.wav
[2010.10.16 14:09:28 | 000,000,317 | ---- | C] () -- C:\Programme\8-22050d.wav
[2010.10.16 14:09:28 | 000,000,260 | ---- | C] () -- C:\Programme\16-8000d.wav
[2010.10.16 14:09:28 | 000,000,225 | ---- | C] () -- C:\Programme\8-22050u.wav
[2010.10.16 14:09:28 | 000,000,220 | ---- | C] () -- C:\Programme\16-8000u.wav
[2010.10.16 14:09:28 | 000,000,183 | ---- | C] () -- C:\Programme\8-11025d.wav
[2010.10.16 14:09:28 | 000,000,151 | ---- | C] () -- C:\Programme\8-8000d.wav
[2010.10.16 14:09:28 | 000,000,135 | ---- | C] () -- C:\Programme\8-11025u.wav
[2010.10.16 14:09:28 | 000,000,127 | ---- | C] () -- C:\Programme\8-8000u.wav
[2010.10.16 14:09:27 | 000,002,521 | ---- | C] () -- C:\Programme\agreement.txt
[2010.10.16 14:09:27 | 000,002,018 | ---- | C] () -- C:\Programme\readme.txt
[2010.10.16 14:09:27 | 000,000,055 | ---- | C] () -- C:\Programme\HomePage.url
[2010.10.16 13:48:19 | 000,001,668 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2010.10.15 21:24:30 | 000,086,205 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Redcyancow.jpg
[2010.10.15 20:31:39 | 000,114,722 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\20100110162152!Cow-icon.png
[2010.10.15 18:26:51 | 000,029,721 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\MixedCow.32FarmCash.png
[2010.10.15 17:52:19 | 000,000,784 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk
[2010.10.15 13:46:03 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.10.07 20:31:33 | 000,001,570 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.07 12:39:52 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\Default.rdp
[2010.10.06 21:02:18 | 000,000,896 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
[2008.01.01 20:02:41 | 000,000,113 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007.09.28 18:41:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.08.07 17:41:38 | 000,001,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.03.09 17:29:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006.12.19 19:23:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006.12.15 18:53:18 | 000,031,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.04.06 19:44:35 | 000,007,053 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006.04.06 19:44:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006.03.31 13:57:53 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.01.29 20:46:46 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2005.12.27 12:15:17 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005.11.23 20:54:08 | 000,000,101 | ---- | C] () -- C:\WINDOWS\EasyCash.ini
[2005.11.23 20:51:37 | 000,000,387 | ---- | C] () -- C:\WINDOWS\EasyCT.INI
[2005.07.10 14:50:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2005.06.07 17:37:36 | 000,000,475 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.04.03 20:34:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NokiaContentCopier.INI
[2005.02.15 20:49:10 | 000,000,077 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\sversion.ini
[2005.01.29 19:09:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.01.29 18:36:29 | 000,007,127 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2004.10.04 21:02:58 | 000,018,646 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004.10.03 16:03:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.10.02 16:18:45 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004.10.02 16:18:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004.10.02 16:18:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004.10.02 16:18:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004.10.02 16:18:45 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004.10.02 15:08:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.10.02 14:26:04 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2004.10.02 14:26:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2004.10.02 14:25:45 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004.10.02 14:23:46 | 000,000,962 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.10.02 14:12:31 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.10.02 13:37:21 | 000,001,978 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.06.28 22:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:27AAAD97
@Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >

--- --- ---

Hier noch die Logfile von TDSSKiller :

2010/10/29 11:19:59.0984 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/29 11:19:59.0984 ================================================================================
2010/10/29 11:19:59.0984 SystemInfo:
2010/10/29 11:19:59.0984
2010/10/29 11:19:59.0984 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/29 11:19:59.0984 Product type: Workstation
2010/10/29 11:19:59.0984 ComputerName: WERNER
2010/10/29 11:19:59.0984 UserName: Earny
2010/10/29 11:19:59.0984 Windows directory: C:\WINDOWS
2010/10/29 11:19:59.0984 System windows directory: C:\WINDOWS
2010/10/29 11:19:59.0984 Processor architecture: Intel x86
2010/10/29 11:19:59.0984 Number of processors: 1
2010/10/29 11:19:59.0984 Page size: 0x1000
2010/10/29 11:19:59.0984 Boot type: Normal boot
2010/10/29 11:19:59.0984 ================================================================================
2010/10/29 11:20:00.0750 Initialize success
2010/10/29 11:20:08.0421 ================================================================================
2010/10/29 11:20:08.0421 Scan started
2010/10/29 11:20:08.0421 Mode: Manual;
2010/10/29 11:20:08.0421 ================================================================================
2010/10/29 11:20:10.0734 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/10/29 11:20:11.0328 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/29 11:20:11.0687 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/29 11:20:12.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/29 11:20:12.0546 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/29 11:20:13.0671 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2010/10/29 11:20:13.0937 ALCXWDM (a886a879d2d05d942c3565c4d451ec23) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/10/29 11:20:14.0734 AmdK7 (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2010/10/29 11:20:15.0343 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/29 11:20:16.0265 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/10/29 11:20:16.0625 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/10/29 11:20:16.0984 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/10/29 11:20:17.0140 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/10/29 11:20:17.0468 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/10/29 11:20:17.0890 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/29 11:20:18.0359 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/29 11:20:18.0859 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/29 11:20:19.0031 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/29 11:20:19.0468 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/10/29 11:20:19.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/29 11:20:20.0109 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/29 11:20:20.0359 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/29 11:20:20.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/29 11:20:21.0156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/29 11:20:21.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/29 11:20:22.0640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/29 11:20:23.0062 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/29 11:20:23.0875 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/29 11:20:24.0234 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/29 11:20:24.0500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/29 11:20:24.0953 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/29 11:20:25.0171 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/10/29 11:20:25.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/29 11:20:25.0875 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/29 11:20:26.0187 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2010/10/29 11:20:26.0468 FETNDISB (cc6b6df3c35c20531492e1b700f700fa) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2010/10/29 11:20:26.0687 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/29 11:20:26.0906 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/29 11:20:27.0093 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/29 11:20:27.0625 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/10/29 11:20:27.0921 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/29 11:20:28.0062 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/29 11:20:28.0312 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/10/29 11:20:28.0562 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/29 11:20:29.0000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/29 11:20:29.0187 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/29 11:20:29.0750 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/29 11:20:30.0000 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/29 11:20:30.0281 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/29 11:20:30.0640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/29 11:20:31.0468 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/29 11:20:31.0890 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/29 11:20:33.0203 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/29 11:20:33.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/29 11:20:33.0875 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/29 11:20:34.0187 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/29 11:20:34.0500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/29 11:20:34.0859 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/29 11:20:35.0203 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/29 11:20:35.0578 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/10/29 11:20:35.0890 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/29 11:20:36.0078 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/29 11:20:36.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/29 11:20:36.0781 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/29 11:20:37.0468 MBAMSwissArmy (7364d8a830f91c487f430a57fdbd2bbb) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010/10/29 11:20:37.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/29 11:20:38.0359 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/29 11:20:38.0687 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/29 11:20:39.0000 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/29 11:20:39.0343 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/29 11:20:39.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/29 11:20:40.0390 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/29 11:20:40.0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/29 11:20:41.0171 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/29 11:20:41.0515 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/29 11:20:41.0875 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/29 11:20:42.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/29 11:20:42.0453 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/29 11:20:42.0734 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/10/29 11:20:43.0015 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/29 11:20:43.0250 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/29 11:20:43.0687 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/29 11:20:43.0984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/29 11:20:44.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/29 11:20:44.0671 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/29 11:20:45.0000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/29 11:20:45.0328 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/29 11:20:45.0640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/29 11:20:45.0953 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/29 11:20:46.0296 netrcacm (b128ccc0e4586628d5d6f6a8f1d0778d) C:\WINDOWS\system32\DRIVERS\netrcacm.sys
2010/10/29 11:20:46.0500 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/29 11:20:46.0781 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/10/29 11:20:47.0109 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/10/29 11:20:47.0437 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/10/29 11:20:47.0765 nmwcdnsuc (9c5de8b7cf5680307bbdf512c9258ecc) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2010/10/29 11:20:48.0046 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/29 11:20:48.0468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/29 11:20:49.0062 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/29 11:20:49.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/29 11:20:49.0703 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/29 11:20:49.0968 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/29 11:20:50.0343 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/29 11:20:50.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/29 11:20:50.0890 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/29 11:20:51.0171 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/10/29 11:20:51.0468 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/29 11:20:52.0171 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/29 11:20:54.0234 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/10/29 11:20:54.0765 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/29 11:20:55.0187 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2010/10/29 11:20:55.0484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/29 11:20:55.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/29 11:20:55.0968 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/29 11:20:57.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/29 11:20:57.0718 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/29 11:20:58.0078 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/29 11:20:58.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/29 11:20:58.0671 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/29 11:20:58.0984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/29 11:20:59.0375 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/29 11:20:59.0703 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/29 11:21:00.0125 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/29 11:21:00.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/29 11:21:00.0843 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/29 11:21:01.0234 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/29 11:21:01.0765 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/29 11:21:02.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/29 11:21:02.0765 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/29 11:21:03.0062 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/29 11:21:03.0406 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/29 11:21:03.0734 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/29 11:21:03.0968 SVKP (f05028b163b92c302a74409d683ac9b0) C:\WINDOWS\system32\SVKP.sys
2010/10/29 11:21:04.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/29 11:21:04.0562 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/29 11:21:05.0203 SYMDNS (61a932f6e04c1d125659ec5f9a158cc1) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2010/10/29 11:21:05.0500 SYMFW (033a6a91aa4162540c1e39a0d5c563c8) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2010/10/29 11:21:05.0734 SYMIDS (071f8c6c95d8b632e73dcdbf865d8e46) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2010/10/29 11:21:06.0156 SYMNDIS (a6bbadd2472ffc5b6ce3198e13ee0e74) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2010/10/29 11:21:06.0656 SYMREDRV (df5514802a2e0a478e29be2e33360807) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/10/29 11:21:07.0015 SYMTDI (9da226bc68389fbd6ec0e01286e7639c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/10/29 11:21:07.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/29 11:21:08.0234 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/29 11:21:08.0593 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/29 11:21:08.0906 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/29 11:21:09.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/29 11:21:09.0796 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2010/10/29 11:21:10.0015 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/29 11:21:10.0703 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/29 11:21:11.0078 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/10/29 11:21:11.0468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/29 11:21:11.0781 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/29 11:21:12.0109 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/29 11:21:12.0421 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/29 11:21:12.0734 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/29 11:21:13.0000 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/10/29 11:21:13.0343 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/10/29 11:21:13.0687 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/29 11:21:13.0875 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/29 11:21:14.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/29 11:21:14.0531 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2010/10/29 11:21:14.0875 viagfx (949f86f5a8e493574bbb830c3d18e4a9) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2010/10/29 11:21:15.0218 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/29 11:21:15.0515 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/29 11:21:15.0843 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/29 11:21:16.0234 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/29 11:21:17.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/29 11:21:17.0500 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/10/29 11:21:17.0796 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/29 11:21:18.0062 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/29 11:21:18.0406 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/29 11:21:18.0687 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/29 11:21:19.0484 ================================================================================
2010/10/29 11:21:19.0484 Scan finished
2010/10/29 11:21:19.0484 ================================================================================

Habe Malwarebytes noch einmal durchlaufen lassen und bekam überraschenderweise 16 Bedrohungen gemeldet:

Hier die Logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4985

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.10.2010 11:47:12
mbam-log-2010-10-29 (11-47-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 241680
Laufzeit: 2 Stunde(n), 38 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 16
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Chris4You · 30.10.2010, 15:33

Hi,

Dein Hostfile wurde manipuliert, ich lasse es von OTL "zurücksetzen"!

OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe File not found
SRV - (NSCService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE File not found
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found
SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Guard NT) -- C:\Programme\Aon\AonVirenchecker\GuardNT\guardNt.exe File not found
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe File not found
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
DRV - (NTGUARD) -- C:\Programme\Aon\AonVirenchecker\GuardNT\NTGUARD.SYS File not found
DRV - (mdxgthkn) -- C:\DOKUME~1\Earny\LOKALE~1\Temp\mdxgthkn.sys File not found
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found
DRV - (cmuda) -- C:\WINDOWS\System32\drivers\cmuda.sys File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [UserFaultCheck]  File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} hxxp://download.energyfactor.com/dialer/it/activex_259_it.exe (Reg Error: Key error.)
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:27AAAD97
@Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2


:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00
"AntiVirusOverride" = dword:0x00

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[resethosts]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Einige der Reg-Keys hat MAM schon entfernt, ich lass sie aber noch mal entfernen (gibt dann einen Fehler von OTL weil er sie nicht finden kann)...

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren!

Dr. Web (zur Sicherheit)...
http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris

PcInfected · 30.10.2010, 18:21

So, die Logfile von OTL nachdem ich den PC neustarten musste ist die hier :
All processes killed
========== OTL ==========
Service SNDSrvc stopped successfully!
Service SNDSrvc deleted successfully!
File C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe File not found not found.
Service NSCService stopped successfully!
Service NSCService deleted successfully!
File C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE File not found not found.
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found not found.
Service LiveUpdate Notice Service stopped successfully!
Service LiveUpdate Notice Service deleted successfully!
File C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe File not found not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll File not found not found.
Service Guard NT stopped successfully!
Service Guard NT deleted successfully!
File C:\Programme\Aon\AonVirenchecker\GuardNT\guardNt.exe File not found not found.
Service ccSetMgr stopped successfully!
Service ccSetMgr deleted successfully!
File C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe File not found not found.
Service ccEvtMgr stopped successfully!
Service ccEvtMgr deleted successfully!
File C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found not found.
Service Automatisches LiveUpdate - Scheduler stopped successfully!
Service Automatisches LiveUpdate - Scheduler deleted successfully!
File C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File C:\WINDOWS\System32\appmgmts.dll File not found not found.
Service NTGUARD stopped successfully!
Service NTGUARD deleted successfully!
File C:\Programme\Aon\AonVirenchecker\GuardNT\NTGUARD.SYS File not found not found.
Service mdxgthkn stopped successfully!
Service mdxgthkn deleted successfully!
File C:\DOKUME~1\Earny\LOKALE~1\Temp\mdxgthkn.sys File not found not found.
Service EraserUtilRebootDrv stopped successfully!
Service EraserUtilRebootDrv deleted successfully!
File C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found not found.
Service cmuda stopped successfully!
Service cmuda deleted successfully!
File C:\WINDOWS\System32\drivers\cmuda.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\0 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\1 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\2 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\3 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\4 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\5 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\6 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\7 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\8 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\9 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\10 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\11 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\12 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\13 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\14 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\15 not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {FFFF0001-0001-101A-A3C9-08002B2F49FC}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\ not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:27AAAD97 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

FC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114822 bytes
->Flash cache emptied: 41703 bytes

User: Earny
->Temp folder emptied: 48686152 bytes
->Temporary Internet Files folder emptied: 93787806 bytes
->Java cache emptied: 139639 bytes
->FireFox cache emptied: 106266407 bytes
->Google Chrome cache emptied: 12913016 bytes
->Flash cache emptied: 17355 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 15319555 bytes
->Flash cache emptied: 434 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 63426787 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 557720 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 326,00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Earny
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 10302010_190626

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

So, nun von GMER bei Rootkits/Malware :

GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit quick scan 2010-10-30 19:21:14
Windows 5.1.2600 Service Pack 3
Running: 180t0fk1.exe; Driver: C:\DOKUME~1\Earny\LOKALE~1\Temp\uxtdqpog.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB8376BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB83769D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB8376B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

GMER Scannt noch gerade.

Chris4You · 30.10.2010, 18:48

Hi,

das sieht schon mal nicht schlecht aus....

chris

PcInfected · 30.10.2010, 19:55

So, hier nun der Bericht von GMER:

GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-30 20:56:45
Windows 5.1.2600 Service Pack 3
Running: 180t0fk1.exe; Driver: C:\DOKUME~1\Earny\LOKALE~1\Temp\uxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB8369CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB8369BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB836A160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB836A08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB8369782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB8369C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB83696C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB8369726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB8369DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB836A22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB8369D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB8369EE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB8376BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB83769D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB8376B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP B8373FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP B83769D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B8376BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP B83725D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP B8376B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9733900]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[188] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\Mozilla Firefox\firefox.exe[2004] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1100] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[1100] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Chris4You · 30.10.2010, 21:19

Hi,

GMER sieht unauffällig aus, was macht der Rechner?

Lass noch CureIT laufen, log wie beschrieben posten (Cureit läuft länger... ev. über nach laufen lassen)...

Schauen wir mal nach dem MBR (obwohl GMER und der Killer tun das auch ;o)...

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

chris

PcInfected · 30.10.2010, 23:30

Hier die Logfile von MBR-Check

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA058000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA047000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA5AC000 viaide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xBA028000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xBA010000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9FF0000 fltmgr.sys
0xB9FDE000 sr.sys
0xBA118000 PxHelp20.sys
0xB9FC7000 KSecDD.sys
0xB9FB4000 WudfPf.sys
0xB9F27000 Ntfs.sys
0xB9EFA000 NDIS.sys
0xBA128000 uagp35.sys
0xBA338000 viaagp1.sys
0xB9EE0000 Mup.sys
0xBA138000 AVGIDSEH.Sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xB93E5000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xB93D1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA1D8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA428000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA5A4000 \SystemRoot\system32\drivers\pfc.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA208000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB93AE000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA430000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xBA438000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB938A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA440000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB92F4000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB92D0000 \SystemRoot\system32\drivers\portcls.sys
0xBA218000 \SystemRoot\system32\drivers\drmk.sys
0xB926E000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xBA228000 \SystemRoot\system32\DRIVERS\fetnd5b.sys
0xBA448000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA238000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9EB8000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB925A000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA248000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB9EB4000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA450000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA730000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA258000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9EB0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9243000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA268000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA278000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA458000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9232000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA288000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA460000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA468000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA298000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5CA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB91D4000 \SystemRoot\system32\DRIVERS\update.sys
0xB9E9C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5CC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA799000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D0000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA488000 \SystemRoot\System32\drivers\vga.sys
0xBA5D2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA490000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA498000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA534000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB8171000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB8118000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA2D8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB80F0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB80CE000 \SystemRoot\System32\drivers\afd.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB8003000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB7F6B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB7F45000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA308000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA318000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB95F7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA560000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB7F1E000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA368000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB7EFA000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB7EE2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5D8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA584000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA370000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA736000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB55D2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB563A000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xB55B6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5313000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB5146000 \SystemRoot\system32\drivers\wdmaud.sys
0xB53CA000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA628000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB4EE8000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA74B000 \??\C:\WINDOWS\system32\SVKP.sys
0xBA360000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB4AF0000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB4104000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
936 C:\WINDOWS\system32\smss.exe
1060 csrss.exe
1084 C:\WINDOWS\system32\winlogon.exe
1132

Denke übrigens das das Problem behoben ist, haben sich keine Webseiten mehr einfachso geöffnet.

Chris4You · 02.11.2010, 08:43

Hi,

das Log ist nicht vollständig, bitte nochmal posten!

chris

PcInfected · 02.11.2010, 12:47

Das ist die Logfile von MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 125):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA058000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA047000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA5AC000 viaide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xBA028000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xBA010000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9FF0000 fltmgr.sys
0xB9FDE000 sr.sys
0xBA118000 PxHelp20.sys
0xB9FC7000 KSecDD.sys
0xB9FB4000 WudfPf.sys
0xB9F27000 Ntfs.sys
0xB9EFA000 NDIS.sys
0xBA128000 uagp35.sys
0xBA338000 viaagp1.sys
0xB9EE0000 Mup.sys
0xBA138000 AVGIDSEH.Sys
0xBA198000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xB9506000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xB94F2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA1A8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA418000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA598000 \SystemRoot\system32\drivers\pfc.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB94CF000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA420000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xBA428000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB94AB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9415000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB93F1000 \SystemRoot\system32\drivers\portcls.sys
0xBA1E8000 \SystemRoot\system32\drivers\drmk.sys
0xB938F000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xBA208000 \SystemRoot\system32\DRIVERS\fetnd5b.sys
0xBA438000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA218000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB937B000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA228000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA5A4000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA448000

Chris4You · 02.11.2010, 14:31

Hi,

teile das Log mal in zwei Posts auf oder fasse es in [code]-Tags...
(Ein "/" dann vor das Wort code zum Abschluß....)->[/ code] (Aber ohne Blank dazwischen...)

chris

Internetseiten öffnen sich von selbst

Plagegeister aller Art und deren Bekämpfung: Internetseiten öffnen sich von selbst