Adware.Agent und TR/Trash.Gen Trojan gefunden und bei Gmer was falsch gemacht :-(

cosinus · 12.02.2011, 15:30

Updates sollte man über Systemsteuerung deinstallieren deinstallieren können, genauso wie die Programme auch.

Opel-Vectra · 12.02.2011, 15:48

Danke! Habe ich gefunden und bin dabei die Updates zu entfernen. Dass da 'ne Warnmeldung kommt, dass folgende Programme (so ziemlich alles, was ich auf dem Rechner habe) anschliessend nicht mehr funktionieren wuerde, kann ich ignorieren, oder?!?

Was soll ich als naechsten Schritt machen?

Opel-Vectra · 12.02.2011, 15:58

ok, das einzige zu entfernende Updte war das fuer IE 8, die anderen Updates sind in der Systemsteuerung nicht zu finden!

cosinus · 12.02.2011, 18:59

Und der Rechner stürzt jetzt noch wenn das Kabelmodem angeschlossen wird?

Was ist mit Combofix?

Opel-Vectra · 13.02.2011, 02:21

Hey Arne,

Danke!!! der PC laeuft derzeit wieder mit Internetanschluss ohne abzustuerzen

Habe Combofix laufen lassen, aber es ging wieder was daneben *frequent hard head banging against the desk* - was sollte man auch anderes von jemandem erwarten, der 10-Stunden-Schichten im Baumarkt schiebt. Gottseidank, sind morgen nur 8 Stunden angesagt...

Habe erst den Avira ausgeschaltet, nachdem ich die cofi.exe angeklickt hatte und der Combofix noch beim Vorbereiten war. War mir nicht sicher, ob ich haette abbrechen und neu starten sollen. Oder vielleicht noch mal neu durchlaufen lassen. Falls ich das besser machen sollte, wirst Du es mir bestimmt mitteilen, oder? :-(

Werde die MBAMs gleich noch nachladen.

Hier aber zuerst der Combofix-log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-02-12.01 - Owner 12.02.2011  18:39:46.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.893.536 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {83877DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {83AA4814-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {8460B6DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {846C4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {849226DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {84B16B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {838DCA1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {838E57AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8415C464-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84180594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {841BE6D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {841C6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {841D9A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {841DC9B4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {841DD5EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {841E9C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8420B23C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8424CC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8424DA24-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8428E5E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {842A989C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {842B29DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {842B3A9C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {842BEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {842C1A54-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {842DBAB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {842EE35C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8434AB64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8436B50C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8436E44C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {843D4A84-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {843DC88C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {843E1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {843E48EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {843F1C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8441FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {844566DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8446072C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84463A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84463C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8447689C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8448465C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8448BC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {844B5DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {844B6C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84515C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8452BC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84534DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845618CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8457BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8459ACCC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845B2584-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845B5A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845BAA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845BE3DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845BEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845C935C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845DA914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845DFC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845E289C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845E3284-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845E589C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845E94D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845E9A14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845EB734-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845EFB64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845EFDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845F27BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {845FFC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84600054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8460089C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8460534C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846076DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8460841C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8460AC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84613DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84614A34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8461A8EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8461D3A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846229A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84626894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8462D89C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8463FA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8464936C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8464F6DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8465299C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8465480C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8465789C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8465ADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8465D6FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846677E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8466BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8466CA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84678C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84680C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846836C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84687C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846898AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8468B3AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846907D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84692A14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846934AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8469353C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8469462C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8469A504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8469F28C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8469FC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846A2604-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846A451C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846A5514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846A78D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846A7B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846A8524-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846AB55C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846ABB5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846B2DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846B451C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846B561C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846B8B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846B9594-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846C143C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846C535C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846CD5C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846D19A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846D5A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846D67E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846DC974-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846DE324-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846E25B4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846E4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846E5464-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846EE854-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846F59A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846F8394-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846FB89C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {846FE5D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8470ADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847118AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84715484-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84717494-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84719A54-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8471C6AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8471E4A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84720394-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847206DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8472335C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847247F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8472772C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84727814-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84727A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84729C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8472C7FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84734504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84736374-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84736444-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84737A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84739AA4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84742DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84749464-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8474A664-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8474B054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847526EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8475D624-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84760A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84760DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84762A3C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84765DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84769344-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847776DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8479689C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847AFDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847B0994-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847B0C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847C9C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847F0C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847FE8AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847FEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {847FF83C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8480154C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84801DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8480335C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84804764-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84805794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848066DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8480D69C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8481388C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84813B1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84816DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8481A334-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8482483C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8482BA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8482C534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8482CB64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8482E3AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8482E74C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8482F564-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848314AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84836CA4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8484189C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8484589C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84849A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8484C634-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8485137C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84852574-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84853334-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848581CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8485F7F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8486380C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84864CE4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84866804-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84873A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8487563C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84876A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8487C644-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8488A7AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84890C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848979DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848995EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848A02BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848A051C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848B389C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848C228C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848DB834-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848EFDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {848F089C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84911814-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8491B624-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8491E654-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84928784-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84934524-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A3F054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A49754-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A4D674-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A6E774-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A6E7D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A71494-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A73DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A7A704-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A8B6D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A8C2FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A8F894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A9065C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84A92DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84AA7DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B49B80-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B6381C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B66374-FFA4-00DE-0D24-347CA8A3377C}
.

(((((((((((((((((((((((((   Files Created from 2011-01-13 to 2011-02-13  )))))))))))))))))))))))))))))))
.

2011-02-12 00:39 . 2011-02-12 02:10	--------	d-----w-	C:\cc-cleaner-backup
2011-02-11 23:51 . 2010-12-20 23:59	55296	----a-w-	c:\windows\system32\SET3D.tmp
2011-02-11 23:51 . 2010-12-20 23:59	916480	----a-w-	c:\windows\system32\SET37.tmp
2011-02-11 23:51 . 2010-12-20 23:59	602112	----a-w-	c:\windows\system32\SET3E.tmp
2011-02-11 23:51 . 2010-12-20 23:59	1210880	----a-w-	c:\windows\system32\SET38.tmp
2011-02-11 23:51 . 2010-12-20 23:59	5961216	----a-w-	c:\windows\system32\SET3C.tmp
2011-02-11 13:15 . 2011-02-11 13:15	--------	d-----w-	c:\windows\Internet Logs
2011-02-08 16:03 . 2011-02-08 16:03	--------	d-----w-	c:\program files\ERUNT
2011-01-19 19:08 . 2011-01-19 22:17	--------	d-----w-	c:\documents and settings\Owner\Application Data\skypePM
2011-01-19 19:07 . 2011-01-19 19:07	--------	d-----w-	c:\program files\Common Files\Skype
2011-01-19 19:07 . 2011-01-19 19:07	--------	d-----r-	c:\program files\Skype
2011-01-19 19:07 . 2011-01-20 02:23	--------	d-----w-	c:\documents and settings\Owner\Application Data\Skype
2011-01-19 19:07 . 2011-01-19 19:07	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2011-01-19 14:07 . 2011-01-19 14:07	--------	d-----w-	c:\windows\system32\windows media
2011-01-19 14:07 . 2011-01-19 14:07	--------	d-----w-	c:\program files\Windows Media-Komponenten

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-06-17 09:23	439296	------w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-06-17 09:23	290048	----a-w-	c:\windows\system32\atmfd.dll
2011-01-01 15:06 . 2010-04-09 21:18	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-12-31 13:10 . 2006-06-17 09:23	1854976	------w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-06-17 09:23	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2010-01-23 06:05	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-01-23 06:05	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2006-06-17 09:23	730112	------w-	c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2006-06-17 09:23	718336	------w-	c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-06-17 09:23	33280	------w-	c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2006-06-17 09:23	2148864	------w-	c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 05:59	2027008	------w-	c:\windows\system32\ntkrnlpa.exe
2010-11-24 12:09 . 2009-05-18 14:26	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2006-06-17 09:38	81920	------w-	c:\windows\system32\isign32.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"phc700"="c:\windows\vphc700.exe" [2005-07-21 339968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TrayMin700.exe.lnk - c:\program files\Philips\SPC 700NC PC Camera\TrayMin700.exe [2007-4-16 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avi Player]
2007-09-05 08:38	629760	----a-w-	c:\program files\Avi Player\AviPlayer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [29.09.2008 20:41 38448]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09.04.2010 15:18 135336]
R3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [16.04.2007 23:07 541568]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [17.06.2006 03:23 14336]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]
S3 VVBETHERNET;Efficient Networks Virtual Bus Ethernet driver;c:\windows\system32\drivers\vvbetht.sys [17.12.2001 11:58 15309]
S3 VvBusUsb;Efficient Networks USB Virtual Bus driver;c:\windows\system32\drivers\vvbususb.sys [24.11.2006 22:35 50911]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.06.2006 03:23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
WINRM	REG_MULTI_SZ   	WINRM
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2006-11-25 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]

2006-11-25 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5212
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {040361A0-1658-4FA5-A6C0-410E2A06E3FB} = 66.133.150.12,170.215.255.114
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z693kmx8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://d-strueber.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Owner\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-12 18:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-12  18:58:30
ComboFix-quarantined-files.txt  2011-02-13 00:58
ComboFix2.txt  2010-10-13 20:15

Pre-Run: 151.139.266.560 bytes free
Post-Run: 151.103.365.120 bytes free

- - End Of File - - 3FD7D0105A3B48A801FB649FC3EE26CF

--- --- ---

Opel-Vectra · 13.02.2011, 02:37

Logfiles von MBAM:

################## 19.11.2009 - Anfang #########################

Malwarebytes' Anti-Malware 1.41
Database version: 3195
Windows 5.1.2600 Service Pack 3

19.11.2009 03:42:32
mbam-log-2009-11-19 (03-42-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 237488
Time elapsed: 1 hour(s), 23 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP549\A0107142.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

################## 19.11.2009 - Ende ###########################

################## 26.03.2010 - Anfang #########################

Malwarebytes' Anti-Malware 1.44
Database version: 3919
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.03.2010 23:51:12
mbam-log-2010-03-26 (23-51-12).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 249747
Time elapsed: 1 hour(s), 17 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Application Data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.

################## 26.03.2010 - Ende ###########################

################## 01.04.2010 - Anfang #########################

Malwarebytes' Anti-Malware 1.45
Malwarebytes

Database version: 3940

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01.04.2010 04:03:41
mbam-log-2010-04-01 (04-03-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 220095
Time elapsed: 1 hour(s), 17 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\helper (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

################## 01.04.2010 - Ende ###########################

################## 12.09.2010 - Anfang #########################

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4597

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.09.2010 00:18:16
mbam-log-2010-09-12 (00-18-16).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 244546
Time elapsed: 1 hour(s), 9 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\eRightSoft\SUPER\spk\MKV_ax.spk (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

################## 12.09.2010 - Ende ###########################

################## 22.09.2010 - Anfang #########################

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4672

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.09.2010 12:54:20
mbam-log-2010-09-22 (12-54-20).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 247183
Time elapsed: 1 hour(s), 11 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\i386\Apps\App12649\googledesktopsetup_en_release_s_r3intl_sign_c2172891_030306_160544.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

################## 22.09.2010 - Ende ###########################

################## 05.02.2011 - Anfang #########################

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5682

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.02.2011 04:54:14
mbam-log-2011-02-05 (04-54-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 272944
Time elapsed: 1 hour(s), 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{4e015214-6bb0-4181-b365-456cf1dec069}\RP69\A0015219.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\zz downloads\aviplayersetup_3-0.exe (Adware.Agent) -> Quarantined and deleted successfully.

################## 05.02.2011 - Ende ###########################

cosinus · 13.02.2011, 20:34

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur einige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Opel-Vectra · 13.02.2011, 21:59

Hey Arne,

wollte kurz berichten, dass ich heute morgen versucht habe, meinen PC hochzufahren, nachdem er gestern ja wieder problemlos ohne abzustuerzen lief. Habe ihn also mit angeschlossener Internetverbindung hochgefahren, 8 Minuten bis zum Log-In_screen gewartet, eingelogt, 6 weitere Minuten gewartet bis der Desktop aufgebaut war und versucht Firefox zu oeffnen und der Rechner stuerzte sofort ab.

Hab dann wieder die Internetverbindung (Power zum Modem) unterbrochen, den Rechner hochgefahren, 8 Minuten bis Log-In, 6 weitere Minuten bis der Desktop aufgebaut war und die Nachricht "The ystem has recovered from a serious error" erhalten. Diesmal mit der Error signatur:

BCCode : 1000007f BCP1 : 0000000D BCP2 : 00000000 BCP3 : 00000000
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

Nutzen Dir diese Signaturen irgendwas oder kann ich es mir sparen, sie von meinem PC abzuschreiben und in den Labtop einzugeben?

Beim Runterfahren erhielt ich wieder die Option, Windows updates zu installieren. Hab das natuerlich nicht gemacht. Dann Rechner wieder hochgefahren (ohne Modem), gewartet, eingelogt, gewartet, Firefox eingeschaltet, kein Problem! Modem wieder angeschlossen. Kein Problem. Komisch... Rechner wieder runtergefahren, modem abgeschaltet – auf Antwort gewartet.

Rechner wieder hochgefahren (14 Minuten), Firefox gestartet, Modem angeschlossen, neuen GMER runtergeladen, alle Programme geschlossen, Internetverbindung gekappt. Gmer gestrtet. Da nach 4 Minuten immer noch \Device\Ide\Pcilde2 angezeigt wurde (bevor ich Scan starten konnte) und derRechner nichts mehr getan hat, habe ich versucht, das Program ueber das X oben rechts zu schliessen aber auch dort passierte nichts. Habe versucht ueber Strg+Alt+Del den Windows Task Manager zu oeffnen. 5 Minuten gewartet. Keine Reaktion. Windows-Taste gedrueckt, keine Reaktion. On/Off am Rechner fuer Shut-Down gedrueckt. 5 Minuten gewartet. Keine Reaktion. On/Off 5 Sekunden gehalten.

Rechner in SafeMode hochgefahren. Gmer gesucht, nicht gefunden, da "Owner"-Desktop fuer andere User gesperrt ist.

PC runtergefahren, erneut hochgefahren (14 Minuten). Owner Desktop freigegeben (Properties => Sharing=> Haken entfernt bei "Make this Folder private". Erneut GMER ausgefuehrt. Diese mal konnte ich "scan" starten. Unter dem Reiter Rootkit/Malware wurde etwas angezeigt (hab' aber nicht aufgeschrieben, was es war – irgendwas mit Win und Filter oder Scan). Hab dann Scan geklickt und der GMER stuerzte wieder ab. Gmer blieb bei Sections: c:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS stecken. Im oberen Fenster wurde folgendes angezeigt:
SSDT B0DF4F9E ZwCreateKey
SSDT B0DF1F94 ZwCreateThread
SSDT B0DF4FA3 ZwDeleteKey
SSDT B0DF4FAD ZwDeleteValueKey
SSDT B0DF4FB2 ZwLoadKey
SSDT B0DF4F80 ZwOpenProcess
SSDT B0DF4F85 ZwOpenThread
SSDT B0DF4FBC ZwReplaceKey
SSDT B0DF$FB7 ZwRestoreKey
SSDT B0DF4FA8 ZwSetValueKey

Wieder versucht das Programm zu beenden (Not Responding). Wie vorher... Mit 5Sec On/Off ausgeschltet.

Rechner in Safe-Mode hochgefahren. Gmer gesucht, gefunden, gestartet, nichts unter dem Reiter Rootkit/Malware angezeigt. Scan ausgefuehrt. Ohne irgendwas im Fenster anzuzeigen bei Sections C:\WINDOWS\system32\drivers\ohci1394.sys steckengeblieben. 5 Minuten gewartet. Keine Reaktion auf gar nichts! Ueber 5sec On/Off abgeschaltet.

Fahre den Rechenr gerade erneut hoch und werde mit OSAM forfahren. Wollte aber borher dieses Update posten. Vielleicht hilft es ja???

Opel-Vectra · 13.02.2011, 22:18

Arne,

habe jetzt den Pc wieder normal gestartet (ohne Modem), Firefox geoeffnet, Modem angeschlossen, osam herunter geladen. Nun habe ich auf dem Desktop osam_autorun_manager_5_0_portable.rar kann damit aber ncihts anfangen. Klicke auf "open" und ich werde auf 'ne shell.windows.com Seite geleitet und komme von dort auf winzip.com/lanar.htm oofe Frage: ich hab' Winzip schon auf meinem Rechner. Soll ich es mir hier erneut runterladen? Kennst Du ein besseres Programm?

Danke!

Opel-Vectra · 14.02.2011, 05:43

Arne,

Sorry, war 'ne doofe Frage. Bin um 22:05 schreiend wieder aus dem Bett gesprungen weil ich mich daran erinnert habe, WO(!!!) ich bei Euch von 7-zip gelesen habe. Runtergeladen, installiert. Die rar-Datei zu starten hat dann immer noch nicht funktioniert, aber nach starten von 7zip konnte ich die Datei entpacken und ENDLICH doch weitermachen.

Nun denn, hier ist der Log:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 22:36:50 on 13.02.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FINDFAST.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\FINDFAST.CPL
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"MLCFG32.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\MLCFG32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys  (File not found)
"Cdr4_xp" (Cdr4_xp) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\Cdr4_xp.sys
"Cdralw2k" (Cdralw2k) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\Cdralw2k.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Efficient Networks USB Virtual Bus driver" (VvBusUsb) - "Virata" - C:\WINDOWS\System32\drivers\vvbususb.sys
"Efficient Networks Virtual Bus Ethernet driver" (VVBETHERNET) - "Virata" - C:\WINDOWS\System32\DRIVERS\vvbEthT.sys
"hotcore3" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore3.sys
"Lbd" (Lbd) - ? - C:\WINDOWS\System32\DRIVERS\Lbd.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MagicTune" (MagicTune) - ? - C:\WINDOWS\System32\drivers\MTiCtwl.sys  (File found, but it contains no detailed information)
"MHN driver" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"NCPro" (NCPro) - ? - C:\WINDOWS\system32\drivers\MTictwl.sys  (File found, but it contains no detailed information)
"NoteCable Driver (WDM)" (notecable) - ? - C:\WINDOWS\System32\drivers\notcable.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys
"Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - ? - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll  (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\soa800.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{cc86590a-b60a-48e6-996b-41d25ed39a1e} "Portable Media Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "SampleView" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{E0D79300-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79301-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79302-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\gp.ocx / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
"TrayMin700.exe.lnk" - ? - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Power2GoExpress" - ? - NA  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CHotkey" - ? - zHotkey.exe
"OpwareSE4" - "ScanSoft, Inc." - "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"readericon" - "Alcor Micro, Corp." - C:\Program Files\Digital Media Reader\readericon45G.exe
"Recguard" - ? - %WINDIR%\SMINST\RECGUARD.EXE
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WrtMon.exe" - ? - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - ? - C:\WINDOWS\system32\iedkcs32.dll
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - ? - C:\WINDOWS\system32\iedkcs32.dll
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - ? - C:\WINDOWS\system32\iedkcs32.dll
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - ? - C:\WINDOWS\system32\iedkcs32.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Opel-Vectra · 14.02.2011, 06:53

So, und hier noch der Log zum MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 184):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7B82000 \WINDOWS\system32\KDCOM.DLL
0xF7A92000 \WINDOWS\system32\BOOTVID.dll
0xF7553000 ACPI.sys
0xF7B84000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7542000 pci.sys
0xF7682000 isapnp.sys
0xF7692000 ohci1394.sys
0xF76A2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A96000 compbatt.sys
0xF7A9A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C4A000 pciide.sys
0xF7902000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B86000 aliide.sys
0xF7B88000 cmdide.sys
0xF7B8A000 toside.sys
0xF7B8C000 viaide.sys
0xF7B8E000 intelide.sys
0xF7524000 pcmcia.sys
0xF76B2000 MountMgr.sys
0xF7505000 ftdisk.sys
0xF7B90000 dmload.sys
0xF74DF000 dmio.sys
0xF7A9E000 ACPIEC.sys
0xF7C4B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF790A000 PartMgr.sys
0xF7912000 hotcore3.sys
0xF76C2000 VolSnap.sys
0xF7AA2000 cpqarray.sys
0xF74C7000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF74AF000 atapi.sys
0xF7AA6000 aha154x.sys
0xF791A000 sparrow.sys
0xF7AAA000 symc810.sys
0xF76D2000 aic78xx.sys
0xF7AAE000 dac960nt.sys
0xF76E2000 ql10wnt.sys
0xF7AB2000 amsint.sys
0xF7922000 asc.sys
0xF7AB6000 asc3550.sys
0xF792A000 mraid35x.sys
0xF7932000 i2omp.sys
0xF7ABA000 ini910u.sys
0xF76F2000 ql1240.sys
0xF7702000 aic78u2.sys
0xF793A000 symc8xx.sys
0xF7942000 sym_hi.sys
0xF794A000 sym_u3.sys
0xF7952000 ABP480N5.SYS
0xF795A000 asc3350p.sys
0xF7B92000 cd20xrnt.sys
0xF7712000 ultra.sys
0xF7496000 adpu160m.sys
0xF7962000 dpti2o.sys
0xF7722000 ql1080.sys
0xF7732000 ql1280.sys
0xF7742000 ql12160.sys
0xF796A000 perc2.sys
0xF7B94000 perc2hib.sys
0xF7972000 hpn.sys
0xF7ABE000 cbidf2k.sys
0xF746A000 dac2w2k.sys
0xF7752000 disk.sys
0xF7762000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF744A000 fltmgr.sys
0xF7438000 sr.sys
0xF7772000 PxHelp20.sys
0xF7421000 KSecDD.sys
0xF740E000 WudfPf.sys
0xF7381000 Ntfs.sys
0xF7354000 NDIS.sys
0xF7782000 sisagp.sys
0xF7792000 viaagp.sys
0xF733A000 Mup.sys
0xF77A2000 alim1541.sys
0xF77B2000 amdagp.sys
0xF77C2000 agp440.sys
0xF77D2000 agpCPQ.sys
0xF72BA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF636C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6358000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6511000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6334000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF6509000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF72AA000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF729A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77F2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6311000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7221000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF62E9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7802000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6501000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF64F9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF62D5000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7812000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7219000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF62B5000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF627C000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF617F000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF60CF000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF64F1000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7DC2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7822000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B4A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF60B8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7832000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7842000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF64E9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF60A7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7852000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF64E1000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6077000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7862000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BE6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6019000 \SystemRoot\system32\DRIVERS\update.sys
0xF65D2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7A22000 \SystemRoot\system32\DRIVERS\UimBus.sys
0xF5FFB000 \SystemRoot\System32\Drivers\Uim_IM.sys
0xF7BE8000 \SystemRoot\System32\Drivers\UimFIO.SYS
0xF7882000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF78B2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BEA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xED6DC000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xED6B8000 \SystemRoot\system32\drivers\portcls.sys
0xF78D2000 \SystemRoot\system32\drivers\drmk.sys
0xF79BA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF726A000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79C2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7D4D000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7D4E000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7C1C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D4F000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C1E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7239000 \SystemRoot\system32\drivers\MTictwl.sys
0xEC571000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEC569000 \SystemRoot\System32\drivers\vga.sys
0xF7C20000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C22000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEC561000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEC559000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7231000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB746A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB7411000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB73E9000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB73C3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEBEA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB72A9000 \SystemRoot\System32\drivers\afd.sys
0xEBE95000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB727E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB720E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEBE85000 \SystemRoot\System32\Drivers\Fips.SYS
0xB3750000 \SystemRoot\system32\DRIVERS\phc700.sys
0xB4EFB000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xB4EEB000 \SystemRoot\system32\drivers\usbaudio.sys
0xB2D5A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7BC0000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xAFFCF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF6AF5000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAFFB7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BA0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB0380000 \SystemRoot\System32\drivers\Dxapi.sys
0xB4720000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CD7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF093000 \SystemRoot\System32\atikvmag.dll
0xBF0C9000 \SystemRoot\System32\ati3duag.dll
0xBF345000 \SystemRoot\System32\ativvaxx.dll
0xBF418000 \SystemRoot\System32\ATMFD.DLL
0xADE91000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF7C02000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xADD10000 \SystemRoot\System32\Drivers\HTTP.sys
0xADD71000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xADBA7000 \SystemRoot\system32\DRIVERS\srv.sys
0xADA2A000 \SystemRoot\system32\drivers\wdmaud.sys
0xED648000 \SystemRoot\system32\drivers\sysaudio.sys
0xADE6D000 \SystemRoot\system32\DRIVERS\usb8023.sys
0xEB9E2000 \SystemRoot\system32\DRIVERS\RNDISMP.SYS
0xAD414000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
656 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
728 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe
920 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
960 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1084 C:\WINDOWS\system32\ati2evxx.exe
1100 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1256 C:\WINDOWS\system32\svchost.exe
1320 C:\WINDOWS\system32\svchost.exe
1332 svchost.exe
1432 C:\WINDOWS\system32\spoolsv.exe
1488 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1568 C:\WINDOWS\ehome\ehrecvr.exe
1584 C:\WINDOWS\ehome\ehSched.exe
1668 C:\Program Files\Java\jre6\bin\jqs.exe
1776 svchost.exe
1832 svchost.exe
1952 mcrdsvc.exe
308 C:\WINDOWS\system32\dllhost.exe
468 C:\WINDOWS\system32\ati2evxx.exe
644 alg.exe
1128 C:\WINDOWS\explorer.exe
2184 C:\WINDOWS\ehome\ehtray.exe
2192 C:\Program Files\Digital Media Reader\readericon45G.exe
2200 C:\WINDOWS\RTHDCPL.exe
2208 C:\WINDOWS\zHotkey.exe
2232 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
2240 C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
2264 C:\WINDOWS\vphc700.exe
2288 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2300 C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
2508 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2524 C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
2884 C:\WINDOWS\system32\wuauclt.exe
1236 C:\Program Files\Mozilla Firefox\firefox.exe
1456 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`52c5e600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD2000BB-22RDA0, Rev: 20.00K20

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD

Done!

cosinus · 14.02.2011, 09:09

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Opel-Vectra · 14.02.2011, 15:32

Hey Arne, habe den Rechner mit angeschlossenem Modem hochgefahren wobei er wieder direkt nach dem Log-In noch bevor der Desktop dargestellt wurde, abgestuerzt ist und wieder anfing zu booten. Habe den PC jetzt im Safemode mit Internetverbindung hochgefahren. Kann ich beide scans im Safemode durchfuehren oder waere es besser, das im normalen Modus zu tun? - Danke!

cosinus · 14.02.2011, 16:29

Ja Safemode geht auch. Ich dachte der stürzte jetzt nicht mehr ab?

Stürzt der auch ab, wenn ein anderes USB-Gerät am selben USB-Port hängt?
Anderen USB-Port für das Kabelmodem schon getestet?

Opel-Vectra · 15.02.2011, 06:48

Hey Arne,

na sowas, nun wurde dieses Keyboard umgeschaltet und y und z sind vertauscht. Koennte das was mit dem Virenfund yu tun haben, der da von SAS gefunden wurde. Kann jetyt auch nicht das Frageyeichen finden - so ein aerger...

Sorry! Hier aber schnell die logs aus dem Safemode. War heute lange arbeiten. Es ist jetyt kury vor Mitternacht hier und ich muss morgen wieder um 04-00Uhr frueh hoch. Koennte morgen frueh vor der Arbeit noch versuchen den PC normal hoch zu fahren - ohne Modem - und dann MBAM oder SAS laufen lassen, wenn ich bei der Arbeit bin, wenn Du glaubst dass das was hilft.

Ich konnte uebrigens noch nicht mit anderen USB-anschluessen experimentieren. Immerhin dauert es ueber 14 Minuten bis der PC hoch gefahren ist - normal sind es MAXIMAL UNTER 3 Minuten gewesen. Ich hoffe, dass wir da auch wieder hinkommen, wenn alles wieder okay ist...

Bin ehrlich etwas besorgt, irgendwas knuspert hier schon wieder im Hintergrund richtig intensiv auf der Festplatrte rum. Vielleicht doch noch nicht alles sauber(Fragezeichen)

Ich musste uebrigens nachdem ich SAS laufen liess neu booten.

Okaz, genug, hier die Logs, yuerst SAS

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 02/14/2011 at 09:22 PM

Application Version : 4.48.1000

Core Rules Database Version : 6392
Trace Rules Database Version: 4204

Scan type : Complete Scan
Total Scan Time : 09:53:17

Memory items scanned : 251
Memory threats detected : 0
Registry items scanned : 6711
Registry threats detected : 1
File items scanned : 108760
File threats detected : 2

Trojan.Agent/Gen
C:\PROGRAM FILES\AVI PLAYER\AVIPLAYER.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AviPlayer.exe
C:\DOCUMENTS AND SETTINGS\OWNER\START MENU\PROGRAMS\VIDEO SOUND GRAFIK\AVI PLAYER\AVI PLAYER.LNK

und hier noch MBAM - der hat aber nichts gefunden

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5760

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

14.02.2011 10:19:39
mbam-log-2011-02-14 (10-19-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 277884
Time elapsed: 3 hour(s), 22 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

12.02.2011, 15:30	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Adware.Agent und TR/Trash.Gen Trojan gefunden und bei Gmer was falsch gemacht :-( Updates sollte man über Systemsteuerung deinstallieren deinstallieren können, genauso wie die Programme auch. __________________ Logfiles bitte immer in CODE-Tags posten

12.02.2011, 18:59	#19
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Adware.Agent und TR/Trash.Gen Trojan gefunden und bei Gmer was falsch gemacht :-( Und der Rechner stürzt jetzt noch wenn das Kabelmodem angeschlossen wird? Was ist mit Combofix? __________________ Logfiles bitte immer in CODE-Tags posten

14.02.2011, 09:09	#27
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Adware.Agent und TR/Trash.Gen Trojan gefunden und bei Gmer was falsch gemacht :-( Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

14.02.2011, 16:29	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Adware.Agent und TR/Trash.Gen Trojan gefunden und bei Gmer was falsch gemacht :-( Ja Safemode geht auch. Ich dachte der stürzte jetzt nicht mehr ab? Stürzt der auch ab, wenn ein anderes USB-Gerät am selben USB-Port hängt? Anderen USB-Port für das Kabelmodem schon getestet? __________________ Logfiles bitte immer in CODE-Tags posten

Adware.Agent und TR/Trash.Gen Trojan gefunden und bei Gmer was falsch gemacht :-(

Plagegeister aller Art und deren Bekämpfung: Adware.Agent und TR/Trash.Gen Trojan gefunden und bei Gmer was falsch gemacht :-(