Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung: Take a look, drvmonitor.exe was on there (https://www.trojaner-board.de/96312-durchschauen-drvmonitor-exe-war-drauf.html)

chouch 06.03.2011 19:06

Take a look, drvmonitor.exe was on there
 
Hello dear forum!

A few days ago I had drvmonitor.exe in the folder "Auto Protect" on drive C.
I then managed to delete it on my own using Safe Mode and Ubuntu, and it hasn't reappeared for quite a while now. It probably came in via ICQ auto-accept from a colleague; I have now disabled that.

It would be cool if you could take another look, just so I can be sure it's gone.

I have now run OTL according to the instructions.

Extras
Code:

OTL Extras logfile created on: 06.03.2011 18:10:50 - Run 1
OTL by OldTimer - Version 3.2.22.2    Folder = C:\Dokumente und Einstellungen\k\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 209,45 Gb Total Space | 100,97 Gb Free Space | 48,20% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 15,75 Gb Free Space | 5,28% Space Free | Partition Type: NTFS
Drive G: | 1,86 Gb Total Space | 1,86 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: S-810I8BKMSFIW3 | User Name: k | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2025429265-2000478354-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\aWinampRC Free Server\aWinampRC Free Server.exe" = C:\Programme\aWinampRC Free Server\aWinampRC Free Server.exe:*:Enabled:aWinampRC Free Server -- ()
"C:\Programme\Midway Games\Stranglehold\Binaries\Retail-Stranglehold.exe" = C:\Programme\Midway Games\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F53608F-F1AA-466F-862E-6DAEFEDAC7A3}_is1" = aWinampRC Free Server version 1.3
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ArtResize_is1" = ArtResize 1.1.0
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon RAW Codec" = Canon RAW Codec
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DPP" = Canon Utilities Digital Photo Professional 3.4
"Foxit Reader" = Foxit Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3tag" = Mp3tag v2.45
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Steam App 550" = Left 4 Dead 2
"VLC media player" = VLC media player 1.1.6
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2025429265-2000478354-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.11.2010 04:54:26 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung daemon.exe, Version 4.30.4.27, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.11.2010 04:54:27 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung daemon.exe, Version 4.30.4.27, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.11.2010 04:54:27 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung daemon.exe, Version 4.30.4.27, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.11.2010 04:54:27 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung daemon.exe, Version 4.30.4.27, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.11.2010 13:24:49 | Computer Name = S-810I8BKMSFIW3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung r6vegas2_game.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul physxcore.dll, Version 0.0.0.0, Fehleradresse 0x00267720.
 
Error - 30.11.2010 13:25:57 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung R6Vegas2_Game.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.12.2010 13:52:47 | Computer Name = S-810I8BKMSFIW3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung prototypef.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.4053, Fehleradresse 0x000172e5.
 
Error - 11.12.2010 06:38:02 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung R6Vegas2_Game.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 04.01.2011 15:41:44 | Computer Name = S-810I8BKMSFIW3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dppstamp.exe, Version 3.4.0.0, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.5512, Fehleradresse 0x0001b1fa.
 
Error - 07.01.2011 14:08:07 | Computer Name = S-810I8BKMSFIW3 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 40dshuttercount.exe, P2 1.0.0.0, P3 48e0b967,
 P4 40dshuttercount, P5 1.0.0.0, P6 48e0b967, P7 6f, P8 0, P9 system.dllnotfoundexception,
 P10 NIL.
 
[ System Events ]
Error - 02.03.2011 17:01:58 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 02.03.2011 17:01:58 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 02.03.2011 17:04:02 | Computer Name = S-810I8BKMSFIW3 | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC80.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert. 
 
Error - 02.03.2011 17:04:02 | Computer Name = S-810I8BKMSFIW3 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC80.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 02.03.2011 17:04:02 | Computer Name = S-810I8BKMSFIW3 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Dokumente und Einstellungen\All
 Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.exe fehlgeschlagen.  Referenzfehlermeldung:
 Der Vorgang wurde erfolgreich beendet.  .
 
Error - 03.03.2011 02:06:11 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 03.03.2011 13:10:02 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 04.03.2011 03:30:01 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 05.03.2011 05:06:31 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 06.03.2011 08:19:53 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
 
< End of report >

OTL
Code:

OTL logfile created on: 06.03.2011 18:10:50 - Run 1
OTL by OldTimer - Version 3.2.22.2    Folder = C:\Dokumente und Einstellungen\k\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 209,45 Gb Total Space | 100,97 Gb Free Space | 48,20% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 15,75 Gb Free Space | 5,28% Space Free | Partition Type: NTFS
Drive G: | 1,86 Gb Total Space | 1,86 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: S-810I8BKMSFIW3 | User Name: k | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\k\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winamp.exe (Nullsoft)
PRC - C:\WINDOWS\system32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\k\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\lgandadb.sys (Google Inc)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (vmm) -- C:\WINDOWS\system32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2025429265-2000478354-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {aede9b05-c23c-479b-a90e-9146ed62d377}:1.2
 
 
[2010.09.28 05:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mozilla\Extensions
[2011.02.12 13:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mozilla\Firefox\Profiles\c3mxubmz.default\extensions
[2011.01.03 10:15:33 | 000,000,000 | ---D | M] (Reload Tab On Double-Click) -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mozilla\Firefox\Profiles\c3mxubmz.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}
[2010.12.25 15:45:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mozilla\Firefox\Profiles\c3mxubmz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.02 22:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.29 13:21:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.29 13:21:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.29 13:21:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.18 12:23:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
 
O1 HOSTS File: ([2011.01.07 19:02:38 | 000,001,499 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1                                activate.adobe.com
O1 - Hosts: 127.0.0.1                                practivate.adobe.com
O1 - Hosts: 127.0.0.1                                ereg.adobe.com
O1 - Hosts: 127.0.0.1                                activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1                                wip3.adobe.com
O1 - Hosts: 127.0.0.1                                3dns-3.adobe.com
O1 - Hosts: 127.0.0.1                                3dns-2.adobe.com
O1 - Hosts: 127.0.0.1                                adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1                                adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1                                adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1                                ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1                                activate-sea.adobe.com
O1 - Hosts: 127.0.0.1                                wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1                                activate-sjc0.adobe.com
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-2000478354-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\AutoRun\command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\Explore\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\Open\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\AutoRun\command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\Explore\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\Open\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\AutoRun\command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\Explore\Command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\Open\Command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.06 14:23:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Desktop\Neuer Ordner
[2011.03.04 21:36:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Desktop\MFTools
[2011.03.04 21:24:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Malwarebytes
[2011.03.04 21:23:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.03.04 21:23:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.03.04 21:23:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.03.04 21:23:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.03.04 21:23:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.04 10:41:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Desktop\crop_high
[2011.03.02 22:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011.02.28 10:15:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Eigene Dateien\Stranglehold
[2011.02.28 10:15:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Midway
[2011.02.28 10:15:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\SecuROM
[2011.02.28 10:11:25 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2011.02.28 10:11:25 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011.02.28 10:11:25 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011.02.28 10:11:25 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011.02.28 10:11:25 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011.02.28 10:11:24 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2011.02.28 10:11:24 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011.02.28 10:11:24 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011.02.28 10:11:24 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011.02.28 10:11:24 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011.02.28 10:11:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011.02.28 10:11:24 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2011.02.28 10:11:24 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011.02.28 10:11:24 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011.02.28 10:11:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011.02.28 10:11:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2011.02.28 10:11:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011.02.28 10:11:24 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2011.02.28 10:11:24 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2011.02.28 10:11:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011.02.28 10:11:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011.02.28 10:11:24 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2011.02.28 10:11:24 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011.02.28 10:11:23 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qedit.dll
[2011.02.28 10:11:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2011.02.28 10:11:23 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011.02.28 10:11:22 | 001,962,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011.02.28 10:11:22 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2011.02.28 10:11:22 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2011.02.28 10:11:22 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdv.dll
[2011.02.28 10:11:22 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qcap.dll
[2011.02.28 10:11:22 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\devenum.dll
[2011.02.28 10:11:21 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2011.02.28 10:11:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2011.02.28 10:11:21 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2011.02.28 10:11:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2011.02.28 10:11:20 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2011.02.28 10:11:20 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2011.02.28 10:11:20 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2011.02.28 10:11:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2011.02.28 10:11:20 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2011.02.28 10:11:20 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2011.02.28 10:11:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2011.02.28 10:11:19 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2011.02.28 10:11:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2011.02.28 10:11:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2011.02.28 10:11:17 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2011.02.28 10:11:17 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2011.02.28 10:11:17 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2011.02.28 10:11:17 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2011.02.28 10:11:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2011.02.28 10:11:15 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2011.02.28 10:11:15 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2011.02.28 10:11:15 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2011.02.28 10:11:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2011.02.28 10:11:15 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2011.02.28 10:11:15 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2011.02.28 10:11:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2011.02.28 10:11:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2011.02.28 10:11:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2011.02.28 10:11:14 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2011.02.28 10:11:14 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2011.02.28 10:11:14 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2011.02.28 10:11:14 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2011.02.28 10:11:14 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2011.02.28 10:11:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2011.02.28 10:11:13 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2011.02.28 10:11:13 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2011.02.28 10:11:13 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2011.02.28 10:11:13 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2011.02.28 10:11:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2011.02.28 10:11:13 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2011.02.28 10:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Midway Games
[2011.02.28 09:43:56 | 000,000,000 | ---D | C] -- C:\Programme\Midway Games
[2011.02.23 14:01:39 | 000,000,000 | ---D | C] -- C:\Programme\mp3DirectCut
[2011.02.23 09:38:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\inkscape
[2011.02.23 09:35:42 | 000,000,000 | ---D | C] -- C:\Programme\Inkscape
[2011.02.22 16:01:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Avira
[2011.02.22 16:00:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.02.22 15:49:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.02.22 15:48:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.02.22 15:48:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.02.22 15:48:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.02.22 15:48:44 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.02.22 15:48:44 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.02.22 15:48:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.02.22 15:48:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.02.21 14:27:11 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3
[2011.02.20 15:43:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Media Player Classic
[2011.02.20 15:43:49 | 004,411,392 | ---- | C] (Gabest) -- C:\mplayerc.exe
[2011.02.16 11:34:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\uTorrent
[2011.02.15 22:11:47 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis
[2011.02.12 13:38:37 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution
[2011.02.12 12:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Eigene Dateien\Eigene virtuelle Computer
[2011.02.12 11:31:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Virtual PC
[2011.02.12 10:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\GetRightToGo
[2011.02.11 22:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\CrashRpt
[2011.02.11 21:30:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Engelmann Media
[2011.02.11 21:28:46 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011.02.11 21:27:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.02.11 21:27:15 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2011.02.11 21:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011.02.11 21:27:08 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2011.02.11 21:26:41 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011.02.11 21:26:41 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011.02.11 21:26:41 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011.02.11 21:26:41 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011.02.11 21:26:41 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011.02.11 21:26:41 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011.02.11 19:34:34 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
[2011.02.11 19:33:02 | 000,037,920 | ---- | C] (RapidSolution Software AG) -- C:\WINDOWS\System32\drivers\tbhsd.sys
[2011.02.11 19:33:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Tunebite
[2011.02.11 17:48:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2011.02.11 17:47:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\RapidSolution
[2011.02.11 17:02:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mp3tag
[2011.02.11 17:02:31 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag
[2011.02.11 14:29:57 | 000,000,000 | ---D | C] -- C:\Napster
[2011.02.11 14:16:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Roxio
[2011.02.11 14:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Napster
[2011.02.11 14:13:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Roxio Shared
[2011.02.11 14:13:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Napster Shared
[2011.02.11 14:12:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2011.02.11 14:12:35 | 000,000,000 | ---D | C] -- C:\Programme\Napster
[2011.02.11 14:12:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\InstallShield
[2011.02.11 13:24:20 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\k\UserData
[2009.06.03 18:56:56 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.06 13:19:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.06 13:19:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.05 19:36:28 | 000,053,416 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-60071102}.rfx
[2011.03.05 19:36:28 | 000,053,416 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-60071102}.rfx
[2011.03.05 19:36:28 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-60071102}.rfx
[2011.03.05 11:14:05 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\k\Eigene Dateien\Default.rdp
[2011.03.04 21:37:06 | 000,296,448 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\g2m3e4r.exe
[2011.03.04 21:36:59 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\defogger.exe
[2011.03.04 14:06:21 | 000,000,485 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\artresize.ini
[2011.03.04 10:46:04 | 015,679,686 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\IMG_0708.CR2
[2011.03.04 10:41:18 | 004,252,725 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\IMG_0708.JPG
[2011.03.02 22:08:51 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-2000478354-839522115-1004Core.job
[2011.03.02 22:08:48 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-2000478354-839522115-1004UA.job
[2011.02.28 20:53:20 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.26 09:02:57 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2011.02.23 20:07:06 | 000,002,411 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011.02.23 14:25:39 | 003,816,012 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\Sebastian_Ingrosso_-_Day_and_Night_Insomnia_Sensation_2010_Bootleg.mp3
[2011.02.23 12:31:58 | 419,037,563 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\Mr_White,_Sebastian_Ingrosso,_Fedde_Le_Grand,_Funkagenda_-_Sensation_White_(Germany-NYE)_31-12-2010.mp3
[2011.02.23 09:46:24 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\k\.recently-used.xbel
[2011.02.22 12:36:28 | 002,165,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.12 13:59:26 | 000,000,016 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.02.12 11:32:41 | 000,453,656 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.02.12 11:32:41 | 000,435,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.12 11:32:41 | 000,081,636 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.02.12 11:32:41 | 000,068,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.11 21:26:58 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011.02.11 14:13:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.05 11:14:05 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\k\Eigene Dateien\Default.rdp
[2011.03.04 21:37:00 | 000,296,448 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\g2m3e4r.exe
[2011.03.04 21:36:58 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\defogger.exe
[2011.03.04 10:40:41 | 004,252,725 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\IMG_0708.JPG
[2011.03.04 10:34:50 | 015,679,686 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\IMG_0708.CR2
[2011.02.28 10:11:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.02.28 10:11:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011.02.28 10:11:25 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2011.02.28 10:11:25 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011.02.28 10:11:24 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2011.02.28 10:11:24 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011.02.28 10:11:23 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2011.02.28 10:11:22 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2011.02.28 10:11:22 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2011.02.28 10:11:22 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2011.02.28 10:11:22 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2011.02.23 14:25:39 | 003,816,012 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\Sebastian_Ingrosso_-_Day_and_Night_Insomnia_Sensation_2010_Bootleg.mp3
[2011.02.23 14:06:47 | 419,037,563 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\Mr_White,_Sebastian_Ingrosso,_Fedde_Le_Grand,_Funkagenda_-_Sensation_White_(Germany-NYE)_31-12-2010.mp3
[2011.02.23 09:46:24 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\k\.recently-used.xbel
[2011.02.12 13:59:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.02.12 11:31:38 | 000,001,610 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Virtual PC.lnk
[2011.02.11 21:27:35 | 000,502,816 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.02.11 21:26:58 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011.01.07 16:47:15 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2010.11.28 20:19:50 | 000,000,485 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\artresize.ini
[2010.11.21 01:39:53 | 000,725,064 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010.11.21 01:39:52 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010.11.21 01:39:52 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010.11.04 16:17:53 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.exe
[2010.11.04 16:17:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2010.11.04 16:17:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUSB2Uninstall.exe
[2010.11.04 16:17:53 | 000,001,946 | ---- | C] () -- C:\WINDOWS\Cmudau.ini
[2010.11.02 23:32:22 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.11.02 23:32:19 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.11.02 23:32:10 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.10.31 10:30:53 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010.10.31 10:30:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010.10.31 10:30:52 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010.10.10 19:40:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010.10.10 19:40:35 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010.10.05 14:15:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2010.09.28 06:23:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.09.28 06:22:20 | 002,165,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.28 05:46:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.09.28 05:41:56 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.09.28 05:38:23 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.09.28 05:38:22 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.09.28 05:38:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.09.28 05:37:50 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.09.28 05:31:50 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.28 05:29:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 05:26:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.06.03 20:00:30 | 000,026,928 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009.06.03 20:00:28 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.06.03 19:19:42 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009.06.03 19:04:50 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2009.06.03 19:04:50 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2009.06.03 19:00:34 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2009.06.03 18:57:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009.05.26 17:56:08 | 000,000,297 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2007.08.23 19:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.06.09 14:20:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2002.08.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002.08.29 13:00:00 | 000,453,656 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002.08.29 13:00:00 | 000,435,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002.08.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002.08.29 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002.08.29 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002.08.29 13:00:00 | 000,081,636 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002.08.29 13:00:00 | 000,068,830 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002.08.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002.08.29 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002.08.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002.08.29 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002.08.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.09.04 10:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 10:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
 
========== Purity Check ==========
 
 

< End of report >

Malwarebytes outputs the following:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5954

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

06.03.2011 19:04:08
mbam-log-2011-03-06 (19-04-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150471
Laufzeit: 3 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Are there really no spoiler tags here?

Thanks for taking a look. :dankeschoen:

cosinus 07.03.2011 18:56

Are there any further Malwarebytes logs? If so, please post all of them. You'll find them in the "Logdateien" (logs) tab in Malwarebytes.

Quote:

Are there really no spoiler tags here?
What for? :dummguck:

chouch 07.03.2011 19:05

Quote:

Quote from cosinus (post 627563)
Are there any further Malwarebytes logs? If so, please post all of them. You'll find them in the "Logdateien" (logs) tab in Malwarebytes.

What for? :dummguck:

No. Right after scanning I can't click on "Logdateien", and if I just start it normally, nothing at all is listed under "Logdateien", not even the saved log files.

I'd find it clearer.

cosinus 07.03.2011 19:24

So, have you scanned with MBAM only once so far, or several times already?
Run a full scan.

chouch 07.03.2011 21:09

Earlier was the second time with the quick scan.
Here's the full scan.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5981

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

07.03.2011 21:09:02
mbam-log-2011-03-07 (21-08-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 246350
Laufzeit: 37 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\system volume information\_restore{4a6e2646-800d-405c-b3b0-b3dd5be4af9a}\RP166\A0033794.exe (PUP.PSWFinder) -> No action taken.
d:\system volume information\_restore{4a6e2646-800d-405c-b3b0-b3dd5be4af9a}\RP166\A0033795.exe (Malware.Packer) -> No action taken.
d:\system volume information\_restore{4a6e2646-800d-405c-b3b0-b3dd5be4af9a}\RP166\A0033796.exe (Backdoor.RBot) -> No action taken.
d:\system volume information\_restore{4a6e2646-800d-405c-b3b0-b3dd5be4af9a}\RP166\A0033797.exe (Trojan.Downloader) -> No action taken.
d:\system volume information\_restore{4a6e2646-800d-405c-b3b0-b3dd5be4af9a}\RP166\A0033798.exe (Trojan.AntiLeechPlugin) -> No action taken.

I've now scanned again and put all the files into quarantine; I hope that wasn't wrong?

cosinus 08.03.2011 09:16

That's fine, removal is a must ;)
Please make fresh logs with OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

chouch 08.03.2011 09:58

In the German version I have, the options are called "Minimal-Ausgabe", "Benutze SafeList" and "Scan". Someone might want to change that in the instructions; it would be useful for anyone who isn't fluent in English.

Hier die 2 Logs.
Extras
Code:

OTL Extras logfile created on: 08.03.2011 09:55:35 - Run 2
OTL by OldTimer - Version 3.2.22.2    Folder = C:\Dokumente und Einstellungen\k\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 209,45 Gb Total Space | 100,53 Gb Free Space | 48,00% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 15,75 Gb Free Space | 5,28% Space Free | Partition Type: NTFS
Drive G: | 1,86 Gb Total Space | 1,86 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: S-810I8BKMSFIW3 | User Name: k | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\aWinampRC Free Server\aWinampRC Free Server.exe" = C:\Programme\aWinampRC Free Server\aWinampRC Free Server.exe:*:Enabled:aWinampRC Free Server -- ()
"C:\Programme\Midway Games\Stranglehold\Binaries\Retail-Stranglehold.exe" = C:\Programme\Midway Games\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F53608F-F1AA-466F-862E-6DAEFEDAC7A3}_is1" = aWinampRC Free Server version 1.3
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ArtResize_is1" = ArtResize 1.1.0
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon RAW Codec" = Canon RAW Codec
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DPP" = Canon Utilities Digital Photo Professional 3.4
"Foxit Reader" = Foxit Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3tag" = Mp3tag v2.45
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Steam App 550" = Left 4 Dead 2
"VLC media player" = VLC media player 1.1.6
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.11.2010 04:54:26 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung daemon.exe, Version 4.30.4.27, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.11.2010 04:54:27 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung daemon.exe, Version 4.30.4.27, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.11.2010 04:54:27 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung daemon.exe, Version 4.30.4.27, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.11.2010 04:54:27 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung daemon.exe, Version 4.30.4.27, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.11.2010 13:24:49 | Computer Name = S-810I8BKMSFIW3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung r6vegas2_game.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul physxcore.dll, Version 0.0.0.0, Fehleradresse 0x00267720.
 
Error - 30.11.2010 13:25:57 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung R6Vegas2_Game.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.12.2010 13:52:47 | Computer Name = S-810I8BKMSFIW3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung prototypef.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.4053, Fehleradresse 0x000172e5.
 
Error - 11.12.2010 06:38:02 | Computer Name = S-810I8BKMSFIW3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung R6Vegas2_Game.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 04.01.2011 15:41:44 | Computer Name = S-810I8BKMSFIW3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dppstamp.exe, Version 3.4.0.0, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.5512, Fehleradresse 0x0001b1fa.
 
Error - 07.01.2011 14:08:07 | Computer Name = S-810I8BKMSFIW3 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 40dshuttercount.exe, P2 1.0.0.0, P3 48e0b967,
 P4 40dshuttercount, P5 1.0.0.0, P6 48e0b967, P7 6f, P8 0, P9 system.dllnotfoundexception,
 P10 NIL.
 
[ System Events ]
Error - 04.03.2011 03:30:01 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 05.03.2011 05:06:31 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 06.03.2011 08:19:53 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 07.03.2011 04:10:41 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 08.03.2011 05:20:47 | Computer Name = S-810I8BKMSFIW3 | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -86456 Sekunden
geändert
 werden muss. Die Systemzeit kann durch den Zeitdienst um  maximal -54000 Sekunden
 geändert werden. Stellen Sie sicher, dass die Uhrzeit  und Zeitzone korrekt sind
und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.2.22:123->207.46.232.182:123)
 funktionsfähig ist.
 
Error - 07.03.2011 09:46:31 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 07.03.2011 16:14:52 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 07.03.2011 17:04:38 | Computer Name = S-810I8BKMSFIW3 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 07.03.2011 17:05:06 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 08.03.2011 03:19:17 | Computer Name = S-810I8BKMSFIW3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
 
< End of report >

OTL
Code:

OTL logfile created on: 08.03.2011 09:55:35 - Run 2
OTL by OldTimer - Version 3.2.22.2    Folder = C:\Dokumente und Einstellungen\k\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 209,45 Gb Total Space | 100,53 Gb Free Space | 48,00% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 15,75 Gb Free Space | 5,28% Space Free | Partition Type: NTFS
Drive G: | 1,86 Gb Total Space | 1,86 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: S-810I8BKMSFIW3 | User Name: k | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\k\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winamp.exe (Nullsoft)
PRC - C:\WINDOWS\system32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\k\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\lgandadb.sys (Google Inc)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (vmm) -- C:\WINDOWS\system32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {aede9b05-c23c-479b-a90e-9146ed62d377}:1.2
 
 
[2010.09.28 05:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mozilla\Extensions
[2011.02.12 13:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mozilla\Firefox\Profiles\c3mxubmz.default\extensions
[2011.01.03 10:15:33 | 000,000,000 | ---D | M] (Reload Tab On Double-Click) -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mozilla\Firefox\Profiles\c3mxubmz.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}
[2010.12.25 15:45:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mozilla\Firefox\Profiles\c3mxubmz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.02 22:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.29 13:21:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.29 13:21:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.29 13:21:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.18 12:23:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
 
O1 HOSTS File: ([2011.01.07 19:02:38 | 000,001,499 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\AutoRun\command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\Explore\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\Open\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\AutoRun\command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\Explore\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\Open\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\AutoRun\command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\Explore\Command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\Open\Command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.06 14:23:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Desktop\Neuer Ordner
[2011.03.04 21:36:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Desktop\MFTools
[2011.03.04 21:24:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Malwarebytes
[2011.03.04 21:23:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.03.04 21:23:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.03.04 21:23:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.03.04 21:23:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.03.04 21:23:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.04 10:41:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Desktop\crop_high
[2011.03.02 22:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011.02.28 10:15:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Eigene Dateien\Stranglehold
[2011.02.28 10:15:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Midway
[2011.02.28 10:15:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\SecuROM
[2011.02.28 10:11:25 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2011.02.28 10:11:25 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011.02.28 10:11:25 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011.02.28 10:11:25 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011.02.28 10:11:25 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011.02.28 10:11:24 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2011.02.28 10:11:24 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011.02.28 10:11:24 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011.02.28 10:11:24 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011.02.28 10:11:24 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011.02.28 10:11:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011.02.28 10:11:24 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2011.02.28 10:11:24 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011.02.28 10:11:24 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011.02.28 10:11:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011.02.28 10:11:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2011.02.28 10:11:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011.02.28 10:11:24 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2011.02.28 10:11:24 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2011.02.28 10:11:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011.02.28 10:11:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011.02.28 10:11:24 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2011.02.28 10:11:24 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011.02.28 10:11:23 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qedit.dll
[2011.02.28 10:11:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2011.02.28 10:11:23 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011.02.28 10:11:22 | 001,962,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011.02.28 10:11:22 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2011.02.28 10:11:22 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2011.02.28 10:11:22 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdv.dll
[2011.02.28 10:11:22 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qcap.dll
[2011.02.28 10:11:22 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\devenum.dll
[2011.02.28 10:11:21 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2011.02.28 10:11:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2011.02.28 10:11:21 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2011.02.28 10:11:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2011.02.28 10:11:20 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2011.02.28 10:11:20 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2011.02.28 10:11:20 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2011.02.28 10:11:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2011.02.28 10:11:20 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2011.02.28 10:11:20 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2011.02.28 10:11:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2011.02.28 10:11:19 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2011.02.28 10:11:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2011.02.28 10:11:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2011.02.28 10:11:17 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2011.02.28 10:11:17 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2011.02.28 10:11:17 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2011.02.28 10:11:17 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2011.02.28 10:11:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2011.02.28 10:11:15 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2011.02.28 10:11:15 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2011.02.28 10:11:15 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2011.02.28 10:11:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2011.02.28 10:11:15 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2011.02.28 10:11:15 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2011.02.28 10:11:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2011.02.28 10:11:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2011.02.28 10:11:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2011.02.28 10:11:14 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2011.02.28 10:11:14 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2011.02.28 10:11:14 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2011.02.28 10:11:14 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2011.02.28 10:11:14 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2011.02.28 10:11:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2011.02.28 10:11:13 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2011.02.28 10:11:13 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2011.02.28 10:11:13 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2011.02.28 10:11:13 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2011.02.28 10:11:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2011.02.28 10:11:13 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2011.02.28 10:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Midway Games
[2011.02.28 09:43:56 | 000,000,000 | ---D | C] -- C:\Programme\Midway Games
[2011.02.23 14:01:39 | 000,000,000 | ---D | C] -- C:\Programme\mp3DirectCut
[2011.02.23 09:38:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\inkscape
[2011.02.23 09:35:42 | 000,000,000 | ---D | C] -- C:\Programme\Inkscape
[2011.02.22 16:01:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Avira
[2011.02.22 16:00:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.02.22 15:49:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.02.22 15:48:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.02.22 15:48:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.02.22 15:48:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.02.22 15:48:44 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.02.22 15:48:44 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.02.22 15:48:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.02.22 15:48:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.02.21 14:27:11 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3
[2011.02.20 15:43:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Media Player Classic
[2011.02.20 15:43:49 | 004,411,392 | ---- | C] (Gabest) -- C:\mplayerc.exe
[2011.02.16 11:34:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\uTorrent
[2011.02.15 22:11:47 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis
[2011.02.12 13:38:37 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution
[2011.02.12 12:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Eigene Dateien\Eigene virtuelle Computer
[2011.02.12 11:31:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Virtual PC
[2011.02.12 10:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\GetRightToGo
[2011.02.11 22:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\CrashRpt
[2011.02.11 21:30:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Engelmann Media
[2011.02.11 21:28:46 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011.02.11 21:27:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.02.11 21:27:15 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2011.02.11 21:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011.02.11 21:27:08 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2011.02.11 21:26:41 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011.02.11 21:26:41 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011.02.11 21:26:41 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011.02.11 21:26:41 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011.02.11 21:26:41 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011.02.11 21:26:41 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011.02.11 19:34:34 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
[2011.02.11 19:33:02 | 000,037,920 | ---- | C] (RapidSolution Software AG) -- C:\WINDOWS\System32\drivers\tbhsd.sys
[2011.02.11 19:33:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Tunebite
[2011.02.11 17:48:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2011.02.11 17:47:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\RapidSolution
[2011.02.11 17:02:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Mp3tag
[2011.02.11 17:02:31 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag
[2011.02.11 14:29:57 | 000,000,000 | ---D | C] -- C:\Napster
[2011.02.11 14:16:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\Roxio
[2011.02.11 14:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Napster
[2011.02.11 14:13:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Roxio Shared
[2011.02.11 14:13:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Napster Shared
[2011.02.11 14:12:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2011.02.11 14:12:35 | 000,000,000 | ---D | C] -- C:\Programme\Napster
[2011.02.11 14:12:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\InstallShield
[2011.02.11 13:24:20 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\k\UserData
[2009.06.03 18:56:56 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.08 08:18:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.07 23:10:06 | 000,053,416 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-60071102}.rfx
[2011.03.07 23:10:06 | 000,053,416 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-60071102}.rfx
[2011.03.07 23:10:06 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-60071102}.rfx
[2011.03.06 13:19:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.05 11:14:05 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\k\Eigene Dateien\Default.rdp
[2011.03.04 21:37:06 | 000,296,448 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\g2m3e4r.exe
[2011.03.04 21:36:59 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\defogger.exe
[2011.03.04 14:06:21 | 000,000,485 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\artresize.ini
[2011.03.04 10:46:04 | 015,679,686 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\IMG_0708.CR2
[2011.03.04 10:41:18 | 004,252,725 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Desktop\IMG_0708.JPG
[2011.03.02 22:08:51 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-2000478354-839522115-1004Core.job
[2011.03.02 22:08:48 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-2000478354-839522115-1004UA.job
[2011.02.28 20:53:20 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.26 09:02:57 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2011.02.23 20:07:06 | 000,002,411 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011.02.23 09:46:24 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\k\.recently-used.xbel
[2011.02.22 12:36:28 | 002,165,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.12 13:59:26 | 000,000,016 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.02.12 11:32:41 | 000,453,656 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.02.12 11:32:41 | 000,435,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.12 11:32:41 | 000,081,636 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.02.12 11:32:41 | 000,068,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.11 21:26:58 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011.02.11 14:13:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.05 11:14:05 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\k\Eigene Dateien\Default.rdp
[2011.03.04 21:37:00 | 000,296,448 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\g2m3e4r.exe
[2011.03.04 21:36:58 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\defogger.exe
[2011.03.04 10:40:41 | 004,252,725 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\IMG_0708.JPG
[2011.03.04 10:34:50 | 015,679,686 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Desktop\IMG_0708.CR2
[2011.02.28 10:11:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.02.28 10:11:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011.02.28 10:11:25 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2011.02.28 10:11:25 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011.02.28 10:11:24 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2011.02.28 10:11:24 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011.02.28 10:11:23 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2011.02.28 10:11:22 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2011.02.28 10:11:22 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2011.02.28 10:11:22 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2011.02.28 10:11:22 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2011.02.23 14:25:39 | 003,816,012 | ---- | C] () -- C:\Dokumente und
[2011.02.23 09:46:24 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\k\.recently-used.xbel
[2011.02.12 13:59:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.02.12 11:31:38 | 000,001,610 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Virtual PC.lnk
[2011.02.11 21:27:35 | 000,502,816 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.02.11 21:26:58 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011.01.07 16:47:15 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2010.11.28 20:19:50 | 000,000,485 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Anwendungsdaten\artresize.ini
[2010.11.21 01:39:53 | 000,725,064 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010.11.21 01:39:52 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010.11.21 01:39:52 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010.11.04 16:17:53 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.exe
[2010.11.04 16:17:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2010.11.04 16:17:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUSB2Uninstall.exe
[2010.11.04 16:17:53 | 000,001,946 | ---- | C] () -- C:\WINDOWS\Cmudau.ini
[2010.11.02 23:32:22 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.11.02 23:32:19 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.11.02 23:32:10 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.10.31 10:30:53 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010.10.31 10:30:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010.10.31 10:30:52 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010.10.10 19:40:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010.10.10 19:40:35 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010.10.05 14:15:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2010.09.28 06:23:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.09.28 06:22:20 | 002,165,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.28 05:46:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.09.28 05:41:56 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.09.28 05:38:23 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.09.28 05:38:22 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.09.28 05:38:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.09.28 05:37:50 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.09.28 05:31:50 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.28 05:29:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 05:26:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.06.03 20:00:30 | 000,026,928 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009.06.03 20:00:28 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.06.03 19:19:42 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009.06.03 19:04:50 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2009.06.03 19:04:50 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2009.06.03 19:00:34 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2009.06.03 18:57:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009.05.26 17:56:08 | 000,000,297 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2007.08.23 19:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.06.09 14:20:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2002.08.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002.08.29 13:00:00 | 000,453,656 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002.08.29 13:00:00 | 000,435,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002.08.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002.08.29 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002.08.29 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002.08.29 13:00:00 | 000,081,636 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002.08.29 13:00:00 | 000,068,830 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002.08.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002.08.29 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002.08.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002.08.29 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002.08.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.09.04 10:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 10:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

< End of report >

Thanks so far for your help! :abklatsch:

cosinus 08.03.2011 10:05

Quote:

O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
Why are the Adobe sites listed above being blocked on your machine?

chouch 08.03.2011 10:10

Quote:

Quote from cosinus (post 627744)
Why are the Adobe sites listed above being blocked on your machine?

I don't know. I currently don't have any Adobe product installed.
Is that relevant at all, or a security risk?

cosinus 08.03.2011 11:36

Forget it, the entries aren't in the more recent log anymore anyway.

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\AutoRun\command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\Explore\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\Open\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\AutoRun\command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\Explore\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\Shell\Open\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\AutoRun\command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\Explore\Command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\Open\Command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\AutoRun\command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\Explore\Command - "" = H:\AutoRun\AutoStart.exe
O33 - MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\Shell\Open\Command - "" = H:\AutoRun\AutoStart.exe
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
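
As an added illustration (not cosinus's fix script and not OTL's own code), the following Python parses O33 MountPoints2 lines in the format shown above and flags volume GUIDs whose AutoRun/Explore/Open shell verbs have been redirected to an executable on a removable drive, which is exactly the pattern the fix deletes. The sample lines are constructed from the fix script plus one invented benign entry; the function names and the assumption that C: is the system drive (as in this log) are mine.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, NamedTuple, Set

# Constructed sample in OTL's "O32"/"O33" line format. The four G:/I: lines
# reuse GUIDs and targets from the fix script above; the all-zero GUID line is
# an invented benign-looking entry on the system drive, added for contrast.
SAMPLE_OTL_LINES = r'''
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\AutoRun\command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\Explore\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\Shell\Open\Command - "" = G:\AutoRun\AutoStart.exe
O33 - MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\Shell\Open\Command - "" = I:\AutoRun\AutoStart.exe
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\Open\Command - "" = C:\Programme\Example\viewer.exe
'''

# O33 - MountPoints2\{GUID}\Shell\<verb>\command - "" = <target>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\(\w+)\\[Cc]ommand - "" = (.+)$'
)
# O32 - HKLM CDRom: AutoRun - <value>
O32_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (\d+)$')

ALL_VERBS = {"AutoRun", "Explore", "Open"}
SYSTEM_DRIVE = "C"  # assumption: matches %SystemDrive% = C: in this log


class MountPointEntry(NamedTuple):
    guid: str    # volume GUID under HKCU\...\Explorer\MountPoints2
    verb: str    # shell verb: AutoRun, Explore or Open
    target: str  # command Explorer runs when that verb fires


@dataclass
class Volume:
    targets: Set[str] = field(default_factory=set)
    verbs: Set[str] = field(default_factory=set)


def parse_mountpoints(text: str) -> List[MountPointEntry]:
    """Extract every O33 MountPoints2 shell-command line from OTL output."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append(MountPointEntry(m.group(1), m.group(2), m.group(3).strip()))
    return entries


def cdrom_autorun_value(text: str) -> int:
    """Value of the O32 CDRom AutoRun line (1 = enabled, the Windows default;
    0 = disabled), or -1 when OTL reported no such line."""
    for line in text.splitlines():
        m = O32_RE.match(line.strip())
        if m:
            return int(m.group(1))
    return -1


def drive_letter(target: str) -> str:
    """'G' for 'G:\\...'; empty string if the target has no drive prefix."""
    return target[0].upper() if len(target) > 1 and target[1] == ":" else ""


def suspicious_volumes(entries: List[MountPointEntry]) -> Dict[str, dict]:
    """Group O33 entries by volume GUID and flag the USB-autorun pattern:
    a verb redirected to an executable on a non-system drive, a target inside
    an AutoRun folder, or all three verbs pointing at the same file."""
    by_guid: Dict[str, Volume] = defaultdict(Volume)
    for e in entries:
        by_guid[e.guid].targets.add(e.target)
        by_guid[e.guid].verbs.add(e.verb)

    findings: Dict[str, dict] = {}
    for guid, vol in by_guid.items():
        reasons = []
        if any(drive_letter(t) not in ("", SYSTEM_DRIVE) for t in vol.targets):
            reasons.append("command points to a removable/non-system drive")
        if any("autorun" in t.lower() for t in vol.targets):
            reasons.append("executable lives in an AutoRun folder")
        if ALL_VERBS <= vol.verbs and len(vol.targets) == 1:
            reasons.append("all three shell verbs hijacked to the same file")
        if reasons:
            findings[guid] = {
                "targets": sorted(vol.targets),
                "verbs": sorted(vol.verbs),
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    parsed = parse_mountpoints(SAMPLE_OTL_LINES)
    print(f"CDRom AutoRun value: {cdrom_autorun_value(SAMPLE_OTL_LINES)}")
    for guid, info in suspicious_volumes(parsed).items():
        print(guid, info["targets"], info["verbs"])
        for r in info["reasons"]:
            print("   -", r)
```

On the sample, the G: volume is flagged for all three reasons, the I: volume for the first two, and the C: entry is not reported at all.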

chouch 09.03.2011 17:04

Hey!

Here is the log file.

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{711a9ec8-e663-11df-83d0-00241ddec51b}\ not found.
File G:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{711a9ec8-e663-11df-83d0-00241ddec51b}\ not found.
File G:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{711a9ec8-e663-11df-83d0-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{711a9ec8-e663-11df-83d0-00241ddec51b}\ not found.
File G:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c4e3250-dc1e-11df-83be-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c4e3250-dc1e-11df-83be-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c4e3250-dc1e-11df-83be-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c4e3250-dc1e-11df-83be-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\ not found.
File G:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\ not found.
File G:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9ebcee6-ee25-11df-83e2-00241ddec51b}\ not found.
File G:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc73579a-dfb1-11df-83c1-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc73579a-dfb1-11df-83c1-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc73579a-dfb1-11df-83c1-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc73579a-dfb1-11df-83c1-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de04dc81-d49d-11df-83b9-00241ddec51b}\ not found.
File I:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de04dc81-d49d-11df-83b9-00241ddec51b}\ not found.
File I:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de04dc81-d49d-11df-83b9-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de04dc81-d49d-11df-83b9-00241ddec51b}\ not found.
File I:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3df0632-e44c-11df-83c8-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3df0632-e44c-11df-83c8-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3df0632-e44c-11df-83c8-00241ddec51b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3df0632-e44c-11df-83c8-00241ddec51b}\ not found.
File H:\AutoRun\AutoStart.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: k
->Temp folder emptied: 331367639 bytes
->Temporary Internet Files folder emptied: 791177315 bytes
->Java cache emptied: 248668 bytes
->FireFox cache emptied: 112602222 bytes
->Google Chrome cache emptied: 373808311 bytes
->Flash cache emptied: 16553 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119649 bytes
%systemroot%\System32 .tmp files removed: 1613751 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123275283 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.655,00 mb
 
 
OTL by OldTimer - Version 3.2.22.2 log created on 03092011_165941

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 09.03.2011 21:54

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (a designated forum helper) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

chouch 09.03.2011 23:32

I did everything as instructed; CCleaner worked, and ComboFix has now been running for over 20 minutes, but nothing is happening.
The window says "scanning for infected files... can take 10 minutes... on heavily infected computers... may take twice as long"
This is now the second time I've started ComboFix and it doesn't work...

edit: it's been sitting like this for almost an hour now and nothing happens, apart from the blue window with the text in it; no progress bar or anything like that.

edit2: I tried moving the window, then the program hung and my PC froze completely; I've switched it off now... hope you still have another option.

regards

chouch 10.03.2011 11:12

Editing is unfortunately no longer possible, so here instead:
I noticed that the Windows Firewall was on, probably because of Malwarebytes.
I turned it off; cofi.exe has now been running again for half an hour...
50 minutes by now... the clock keeps running, so probably not a freeze.

cosinus 10.03.2011 13:02

Hm, restart the computer, download a fresh cofi.exe and please try again.

chouch 10.03.2011 13:24

cofi.exe deleted
restart
cofi.exe downloaded again
hanging again for a good quarter of an hour

cosinus 10.03.2011 13:32

Then please first create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run the second time either, just skip it and only run OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post me the contents of the .txt document
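A worked example of what a helper looks for in the GMER log requested above, added here as an illustration; it is not part of the thread, of GMER, or of any tool the helpers use. The script parses the SSDT, IAT and Device lines in the layout GMER 1.0.15 prints, groups every hook by the module GMER attributes it to, and treats a module as accounted for when it also owns the sptd device object (the SCSI pass-through driver that DAEMON Tools and Alcohol install, which hooks the registry services to guard its own configuration). That heuristic, the placeholder driver name example_unknown.sys and the abbreviated sample log are the example's own constructions; the spve.sys and sptd entries in the sample mirror the format of the logs posted later in this thread.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER's code)."""
import re
from collections import defaultdict

# Constructed sample in the layout of a GMER 1.0.15 log (column padding
# shortened). 'example_unknown.sys' is a placeholder name, not a real driver.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT      spve.sys              ZwCreateKey [0xB7EA70E0]
SSDT      spve.sys              ZwEnumerateKey [0xB7EC5CA4]
SSDT      spve.sys              ZwSetValueKey [0xB7EC619C]
SSDT      example_unknown.sys   ZwQueryDirectoryFile [0xB7F00000]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                    [B7EA8042] spve.sys
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]    [B7EB7E9C] spve.sys
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfAcquireSpinLock]  18C4830E

---- Devices - GMER 1.0.15 ----

Device    \Driver\sptd \Device\1758955126   spve.sys
Device    \FileSystem\Ntfs \Ntfs            8A5491F8
Device    \Driver\atapi \Device\Ide\IdePort0   [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]}
"""

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
IAT_RE = re.compile(r"^IAT\s+(?P<victim>[^\[\s]+)\[(?P<import>[^\]]+)\]\s+"
                    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+))?")
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)")
RAW_ADDR_RE = re.compile(r"\[?[0-9A-Fa-f]{8}\]?")

UNRESOLVED = "<unresolved>"   # GMER printed a raw value instead of a module name

# Registry services a kernel component hooks to hide or protect keys.
REGISTRY_HOOKS = {"ZwCreateKey", "ZwOpenKey", "ZwEnumerateKey", "ZwEnumerateValueKey",
                  "ZwQueryKey", "ZwQueryValueKey", "ZwSetValueKey"}


def parse_gmer(text):
    """Group SSDT hooks, IAT hooks and device-object ownership by module."""
    findings = defaultdict(lambda: {"ssdt": [], "iat": [], "devices": []})
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            findings[m["module"]]["ssdt"].append(m["func"])
            continue
        m = IAT_RE.match(line)
        if m:
            owner = m["module"] or UNRESOLVED
            findings[owner]["iat"].append(f"{m['victim']}[{m['import']}]")
            continue
        m = DEVICE_RE.match(line)
        # A bare address is GMER's normal output (dispatch stays in the driver
        # itself); only a module name means dispatch was redirected elsewhere.
        if m and not RAW_ADDR_RE.fullmatch(m["owner"]):
            findings[m["owner"]]["devices"].append(m["driver"])
    return dict(findings)


def assess(findings):
    """Return {module: (verdict, detail)} for every module that hooks something.

    'accounted-for' = the module also owns the sptd device object (heuristic
    of this example), 'unresolved' = GMER gave no module, else 'review'.
    """
    verdicts = {}
    for module, f in findings.items():
        hooked = set(f["ssdt"])
        detail = {
            "registry_api_hooks": sorted(hooked & REGISTRY_HOOKS),
            "other_ssdt_hooks": sorted(hooked - REGISTRY_HOOKS),
            "iat_hooks": f["iat"],
            "device_objects": f["devices"],
        }
        if module == UNRESOLVED:
            verdict = "unresolved"
        elif any(d.lower() == r"\driver\sptd" for d in f["devices"]):
            verdict = "accounted-for"
        else:
            verdict = "review"
        verdicts[module] = (verdict, detail)
    return verdicts


def report(text):
    """Human-readable summary, one line per hooking module."""
    lines = []
    for module, (verdict, d) in sorted(assess(parse_gmer(text)).items()):
        lines.append(f"{verdict:13} {module}: "
                     f"{len(d['registry_api_hooks'])} registry SSDT hooks, "
                     f"{len(d['other_ssdt_hooks'])} other SSDT hooks, "
                     f"{len(d['iat_hooks'])} IAT hooks, "
                     f"devices={d['device_objects'] or '-'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved GMER log by passing the file's contents to report(). A module marked "review" is not automatically malicious; it only means nothing in the log explains why it hooks those services, so its file on disk should be checked next.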

chouch 10.03.2011 15:12

Sooo, I'm done with everything now. I had GMER scan C once and D once.

GMER C
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-10 14:46:12
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1a SAMSUNG_SP2504C rev.VT100-52
Running: ih4599ym.exe; Driver: C:\DOKUME~1\k\LOKALE~1\Temp\afniipog.sys


---- System - GMER 1.0.15 ----

SSDT      spve.sys                                                                                                            ZwCreateKey [0xB7EA70E0]
SSDT      spve.sys                                                                                                            ZwEnumerateKey [0xB7EC5CA4]
SSDT      spve.sys                                                                                                            ZwEnumerateValueKey [0xB7EC6032]
SSDT      spve.sys                                                                                                            ZwOpenKey [0xB7EA70C0]
SSDT      spve.sys                                                                                                            ZwQueryKey [0xB7EC610A]
SSDT      spve.sys                                                                                                            ZwQueryValueKey [0xB7EC5F8A]
SSDT      spve.sys                                                                                                            ZwSetValueKey [0xB7EC619C]

INT 0x63  ?                                                                                                                  8A54ABF8
INT 0x63  ?                                                                                                                  8A54ABF8
INT 0x73  ?                                                                                                                  8A36FF00
INT 0x73  ?                                                                                                                  8A36FF00
INT 0x73  ?                                                                                                                  8A36FF00
INT 0x73  ?                                                                                                                  8A36FF00
INT 0x82  ?                                                                                                                  8A54ABF8
INT 0x83  ?                                                                                                                  8A36FF00
INT 0x83  ?                                                                                                                  8A36FF00
INT 0xA4  ?                                                                                                                  8A36FF00
INT 0xB4  ?                                                                                                                  8A36FF00

---- Kernel code sections - GMER 1.0.15 ----

?        spve.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text    C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB331B3A0, 0x5FE082, 0xE8000020]
.text    USBPORT.SYS!DllUnload                                                                                              B32A18AC 5 Bytes  JMP 8A36F4E0
.text    aj1tyqgr.SYS                                                                                                        B3150386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    aj1tyqgr.SYS                                                                                                        B31503AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    aj1tyqgr.SYS                                                                                                        B31503C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text    aj1tyqgr.SYS                                                                                                        B31503C9 1 Byte  [30]
.text    aj1tyqgr.SYS                                                                                                        B31503C9 11 Bytes  [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text    ...                                                                                                               

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B7EA8042] spve.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B7EA813E] spve.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                [B7EA80C0] spve.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                        [B7EA8800] spve.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                [B7EA86D6] spve.sys
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C8D9E88
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KeGetCurrentIrql]                                                9E880000
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfRaiseIrql]                                                      00001CA9
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!HalTranslateBusAddress]                                          8186C636
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8386C6
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_USHORT]                                                001C8E86
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                        86C60200
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                00001CAA
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB19E
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B7EB7E9C] spve.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              8A5491F8
Device    \FileSystem\Fastfat \FatCdrom                                                                                      88972500
Device    \Driver\PCI_PNP8876 \Device\00000050                                                                                spve.sys
Device    \Driver\usbohci \Device\USBPDO-0                                                                                    8A390500
Device    \Driver\usbohci \Device\USBPDO-1                                                                                    8A390500
Device    \Driver\usbehci \Device\USBPDO-2                                                                                    8A3E31F8
Device    \Driver\usbohci \Device\USBPDO-3                                                                                    8A390500
Device    \Driver\usbohci \Device\USBPDO-4                                                                                    8A390500
Device    \Driver\usbehci \Device\USBPDO-5                                                                                    8A3E31F8
Device    \Driver\usbohci \Device\USBPDO-6                                                                                    8A390500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A4D71F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A4D71F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        8A370500
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                        [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                  [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a                                                                        [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22                                                                        [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                        [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom1                                                                                        8A370500
Device    \Driver\Ftdisk \Device\HarddiskVolume3                                                                              8A4D71F8
Device    \Driver\Ftdisk \Device\HarddiskVolume4                                                                              8A4D71F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                            88C641F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    88C641F8
Device    \Driver\USBSTOR \Device\00000085                                                                                    88BFB500
Device    \Driver\USBSTOR \Device\00000086                                                                                    88BFB500
Device    \Driver\sptd \Device\1758955126                                                                                    spve.sys
Device    \Driver\usbohci \Device\USBFDO-0                                                                                    8A390500
Device    \Driver\usbohci \Device\USBFDO-1                                                                                    8A390500
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                  88C2C1F8
Device    \Driver\usbehci \Device\USBFDO-2                                                                                    8A3E31F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                        88C2C1F8
Device    \Driver\usbohci \Device\USBFDO-3                                                                                    8A390500
Device    \Driver\usbohci \Device\USBFDO-4                                                                                    8A390500
Device    \Driver\Ftdisk \Device\FtControl                                                                                    8A4D71F8
Device    \Driver\usbehci \Device\USBFDO-5                                                                                    8A3E31F8
Device    \Driver\usbohci \Device\USBFDO-6                                                                                    8A390500
Device    \Driver\aj1tyqgr \Device\Scsi\aj1tyqgr1                                                                            8A4091F8
Device    \FileSystem\Fastfat \Fat                                                                                            88972500
Device    \FileSystem\Cdfs \Cdfs                                                                                              88C00500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x9B 0x3C 0x66 0x72 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x7D 0x7B 0x6A 0x04 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x01 0x37 0x5E 0x6F ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x9B 0x3C 0x66 0x72 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x7D 0x7B 0x6A 0x04 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x01 0x37 0x5E 0x6F ...
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                  15
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                    10000
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                  yes
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                 
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                  90
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                    10000

---- EOF - GMER 1.0.15 ----

GMER D
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-10 14:54:01
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1a SAMSUNG_SP2504C rev.VT100-52
Running: ih4599ym.exe; Driver: C:\DOKUME~1\k\LOKALE~1\Temp\afniipog.sys


---- System - GMER 1.0.15 ----

SSDT      spve.sys                                                                                                            ZwCreateKey [0xB7EA70E0]
SSDT      spve.sys                                                                                                            ZwEnumerateKey [0xB7EC5CA4]
SSDT      spve.sys                                                                                                            ZwEnumerateValueKey [0xB7EC6032]
SSDT      spve.sys                                                                                                            ZwOpenKey [0xB7EA70C0]
SSDT      spve.sys                                                                                                            ZwQueryKey [0xB7EC610A]
SSDT      spve.sys                                                                                                            ZwQueryValueKey [0xB7EC5F8A]
SSDT      spve.sys                                                                                                            ZwSetValueKey [0xB7EC619C]

INT 0x63  ?                                                                                                                  8A54ABF8
INT 0x63  ?                                                                                                                  8A54ABF8
INT 0x73  ?                                                                                                                  8A36FF00
INT 0x73  ?                                                                                                                  8A36FF00
INT 0x73  ?                                                                                                                  8A36FF00
INT 0x73  ?                                                                                                                  8A36FF00
INT 0x82  ?                                                                                                                  8A54ABF8
INT 0x83  ?                                                                                                                  8A36FF00
INT 0x83  ?                                                                                                                  8A36FF00
INT 0xA4  ?                                                                                                                  8A36FF00
INT 0xB4  ?                                                                                                                  8A36FF00

---- Kernel code sections - GMER 1.0.15 ----

?        spve.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text    C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB331B3A0, 0x5FE082, 0xE8000020]
.text    USBPORT.SYS!DllUnload                                                                                              B32A18AC 5 Bytes  JMP 8A36F4E0
.text    aj1tyqgr.SYS                                                                                                        B3150386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    aj1tyqgr.SYS                                                                                                        B31503AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    aj1tyqgr.SYS                                                                                                        B31503C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text    aj1tyqgr.SYS                                                                                                        B31503C9 1 Byte  [30]
.text    aj1tyqgr.SYS                                                                                                        B31503C9 11 Bytes  [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text    ...                                                                                                               

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B7EA8042] spve.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B7EA813E] spve.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                [B7EA80C0] spve.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                        [B7EA8800] spve.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                [B7EA86D6] spve.sys
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C8D9E88
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KeGetCurrentIrql]                                                9E880000
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfRaiseIrql]                                                      00001CA9
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!HalTranslateBusAddress]                                          8186C636
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8386C6
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_USHORT]                                                001C8E86
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                        86C60200
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                00001CAA
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT      \SystemRoot\System32\Drivers\aj1tyqgr.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB19E
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B7EB7E9C] spve.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              8A5491F8
Device    \FileSystem\Fastfat \FatCdrom                                                                                      88972500
Device    \Driver\PCI_PNP8876 \Device\00000050                                                                                spve.sys
Device    \Driver\usbohci \Device\USBPDO-0                                                                                    8A390500
Device    \Driver\usbohci \Device\USBPDO-1                                                                                    8A390500
Device    \Driver\usbehci \Device\USBPDO-2                                                                                    8A3E31F8
Device    \Driver\usbohci \Device\USBPDO-3                                                                                    8A390500
Device    \Driver\usbohci \Device\USBPDO-4                                                                                    8A390500
Device    \Driver\usbehci \Device\USBPDO-5                                                                                    8A3E31F8
Device    \Driver\usbohci \Device\USBPDO-6                                                                                    8A390500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A4D71F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A4D71F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        8A370500
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                        [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                  [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a                                                                        [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22                                                                        [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                        [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom1                                                                                        8A370500
Device    \Driver\Ftdisk \Device\HarddiskVolume3                                                                              8A4D71F8
Device    \Driver\Ftdisk \Device\HarddiskVolume4                                                                              8A4D71F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                            88C641F8
Device    \Driver\USBSTOR \Device\00000085                                                                                    88BFB500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    88C641F8
Device    \Driver\USBSTOR \Device\00000086                                                                                    88BFB500
Device    \Driver\sptd \Device\1758955126                                                                                    spve.sys
Device    \Driver\usbohci \Device\USBFDO-0                                                                                    8A390500
Device    \Driver\usbohci \Device\USBFDO-1                                                                                    8A390500
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                  88C2C1F8
Device    \Driver\usbehci \Device\USBFDO-2                                                                                    8A3E31F8
Device    \Driver\usbohci \Device\USBFDO-3                                                                                    8A390500
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                        88C2C1F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                    8A4D71F8
Device    \Driver\usbohci \Device\USBFDO-4                                                                                    8A390500
Device    \Driver\usbehci \Device\USBFDO-5                                                                                    8A3E31F8
Device    \Driver\usbohci \Device\USBFDO-6                                                                                    8A390500
Device    \Driver\aj1tyqgr \Device\Scsi\aj1tyqgr1                                                                            8A4091F8
Device    \FileSystem\Fastfat \Fat                                                                                            88972500
Device    \FileSystem\Cdfs \Cdfs                                                                                              88C00500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x9B 0x3C 0x66 0x72 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x7D 0x7B 0x6A 0x04 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x01 0x37 0x5E 0x6F ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x9B 0x3C 0x66 0x72 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x7D 0x7B 0x6A 0x04 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x01 0x37 0x5E 0x6F ...
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                  15
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                    10000
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                  yes
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                 
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                  90
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                    10000

---- EOF - GMER 1.0.15 ----

OSAM
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:08:32 on 10.03.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-2025429265-2000478354-839522115-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2025429265-2000478354-839522115-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Programme\Creative\AudioCS\CTAudCS.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aba63rq6" (aba63rq6) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aba63rq6.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"adfs" (adfs) - ? - C:\WINDOWS\system32\drivers\adfs.sys  (File not found)
"AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"C-Media USB Sound Interface" (cmudau) - ? - C:\WINDOWS\System32\drivers\cmudau.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\k\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DNINDIS5 NDIS Protocol Driver" (DNINDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\DNINDIS5.SYS
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pwdrvio" (pwdrvio) - ? - C:\WINDOWS\system32\pwdrvio.sys  (File found, but it contains no detailed information)
"pwdspio" (pwdspio) - ? - C:\WINDOWS\system32\pwdspio.sys  (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\WINDOWS\system32\Drivers\vmm.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"Wireless USB 2.0 Adapter with RangeMax Service" (WPN111) - ? - C:\WINDOWS\System32\DRIVERS\WPN111.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{621FCD24-4498-4324-A81E-07D331376EDF} "PixiePack Codec Pack 0.10.4" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe  (File found, but it contains no detailed information)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Programme\Microsoft Virtual PC\VPCShExH.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -  (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -  (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\k\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Programme\Creative\Shared Files\CTAudSvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCHECK
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Home Edition
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000007d

Kernel Drivers (total 129):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xB85A8000 \WINDOWS\system32\KDCOM.DLL
  0xB84B8000 \WINDOWS\system32\BOOTVID.dll
  0xB7EA6000 spdr.sys
  0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
  0xB7E8E000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
  0xB7E5F000 ACPI.sys
  0xB7E4E000 pci.sys
  0xB80A8000 ohci1394.sys
  0xB80B8000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
  0xB80C8000 isapnp.sys
  0xB8670000 pciide.sys
  0xB8328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xB80D8000 MountMgr.sys
  0xB7E2F000 ftdisk.sys
  0xB8330000 PartMgr.sys
  0xB80E8000 VolSnap.sys
  0xB7E17000 atapi.sys
  0xB80F8000 disk.sys
  0xB8108000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xB7DF7000 fltmgr.sys
  0xB7DE5000 sr.sys
  0xB8118000 PxHelp20.sys
  0xB7DCE000 KSecDD.sys
  0xB7D41000 Ntfs.sys
  0xB7D14000 NDIS.sys
  0xB7CFA000 Mup.sys
  0xB8158000 \SystemRoot\System32\DRIVERS\processr.sys
  0xB855C000 \SystemRoot\System32\DRIVERS\wmiacpi.sys
  0xB331B000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB3307000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB32D0000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
  0xB8168000 \SystemRoot\System32\DRIVERS\imapi.sys
  0xB8178000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xB8188000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xB32AD000 \SystemRoot\System32\DRIVERS\ks.sys
  0xB83A0000 \SystemRoot\System32\DRIVERS\usbohci.sys
  0xB3289000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xB83A8000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xB3261000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
  0xB31E1000 \SystemRoot\system32\drivers\ctaud2k.sys
  0xB31BD000 \SystemRoot\system32\drivers\portcls.sys
  0xB8198000 \SystemRoot\system32\drivers\drmk.sys
  0xB3188000 \SystemRoot\system32\drivers\ctoss2k.sys
  0xB83C0000 \SystemRoot\system32\drivers\ctprxy2k.sys
  0xB81A8000 \SystemRoot\System32\DRIVERS\nic1394.sys
  0xB3150000 \SystemRoot\System32\Drivers\aba63rq6.SYS
  0xB8438000 \SystemRoot\System32\DRIVERS\fdc.sys
  0xB81B8000 \SystemRoot\System32\DRIVERS\serial.sys
  0xB858C000 \SystemRoot\System32\DRIVERS\serenum.sys
  0xB313C000 \SystemRoot\System32\DRIVERS\parport.sys
  0xB81C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xB8450000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xB312B000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
  0xB87EF000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xB81D8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xB8598000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xB3114000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xB81E8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xB81F8000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xB8478000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xB3063000 \SystemRoot\System32\DRIVERS\psched.sys
  0xB8208000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xB8488000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xB8498000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xB8218000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xB84A0000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xB85B6000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xB3005000 \SystemRoot\System32\DRIVERS\update.sys
  0xB7CD6000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xB8228000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB8248000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xB85C2000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xACB92000 \SystemRoot\system32\drivers\ha20x2k.sys
  0xACB62000 \SystemRoot\system32\drivers\emupia2k.sys
  0xACB39000 \SystemRoot\system32\drivers\ctsfm2k.sys
  0xACA9D000 \SystemRoot\system32\drivers\ctac32k.sys
  0xACA88000 \SystemRoot\System32\drivers\CTHWIUT.SYS
  0xACA5C000 \SystemRoot\System32\drivers\CT20XUT.SYS
  0xAC915000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
  0xB83B0000 \SystemRoot\System32\DRIVERS\flpydisk.sys
  0xB85CC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB8700000 \SystemRoot\System32\Drivers\Null.SYS
  0xB85D0000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB83D8000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
  0xB83E0000 \SystemRoot\System32\drivers\vga.sys
  0xB85D4000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xB85D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB83F0000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB8400000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB857C000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xAC8E2000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xAC889000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xAC839000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xAC813000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xB8278000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xAC7F1000 \SystemRoot\System32\drivers\afd.sys
  0xB8288000 \SystemRoot\System32\DRIVERS\arp1394.sys
  0xB8298000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xAC7B6000 \??\C:\WINDOWS\system32\Drivers\vmm.sys
  0xAC78B000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xAC71B000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xB82A8000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB8430000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xB2FE1000 \SystemRoot\System32\DRIVERS\hidusb.sys
  0xB82E8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
  0xB8448000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
  0xB0ED9000 \SystemRoot\System32\DRIVERS\mouhid.sys
  0xB82F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xAC63B000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xB85DE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB0EC1000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB8480000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xB87F6000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xAB9D9000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xAB9C9000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0xAB841000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xAB6AC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xB863A000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xAB5F7000 \SystemRoot\system32\drivers\wdmaud.sys
  0xAC6DB000 \SystemRoot\system32\drivers\sysaudio.sys
  0xAB48F000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAB0DE000 \SystemRoot\System32\Drivers\HTTP.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 30):
      0 System Idle Process
      4 System
    804 C:\WINDOWS\system32\smss.exe
    868 csrss.exe
    892 C:\WINDOWS\system32\winlogon.exe
    952 C:\WINDOWS\system32\services.exe
    964 C:\WINDOWS\system32\lsass.exe
    1136 C:\WINDOWS\system32\nvsvc32.exe
    1212 C:\WINDOWS\system32\svchost.exe
    1300 svchost.exe
    1424 C:\WINDOWS\system32\svchost.exe
    1544 svchost.exe
    1668 svchost.exe
    1828 C:\WINDOWS\system32\spoolsv.exe
    1920 C:\Programme\Creative\Shared Files\CTAudSvc.exe
    2008 C:\WINDOWS\explorer.exe
    144 C:\Programme\Java\jre6\bin\jqs.exe
    192 C:\WINDOWS\system32\svchost.exe
    228 wdfmgr.exe
    1936 C:\WINDOWS\system32\Ctxfihlp.exe
    332 C:\WINDOWS\system32\rundll32.exe
    392 C:\WINDOWS\system32\ctfmon.exe
    680 C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    1840 alg.exe
    1716 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    776 wmiprvse.exe
    1564 C:\WINDOWS\system32\CTxfispi.exe
    2328 C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    2444 C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    2496 C:\Dokumente und Einstellungen\k\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-52
PhysicalDrive0 Model Number: SAMSUNGHD321KJ, Rev: CP100-12

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive1  Unknown MBR code
            SHA1: A2807BA7FD4C206EFECA81EE5D8474BD4DCD1035
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1F7D73C9E899CA12D634A5E0AF164DF7877E62ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Thanks!

cosinus 10.03.2011 17:23

Quote:

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: A2807BA7FD4C206EFECA81EE5D8474BD4DCD1035
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1F7D73C9E899CA12D634A5E0AF164DF7877E62ED
Do you have any other operating systems on it besides WinXP?

If not, i.e. if WinXP is the only installed system: restart the computer and select the Recovery Console in the boot menu.
There, type the command fixmbr (then Enter, confirm with j), then the command fixboot (then Enter, confirm with j).
Typing exit (then pressing Enter) restarts the computer. Run MBRCheck again in normal Windows mode and post the new log.

Edit: The Recovery Console is probably not installed on your machine; ComboFix installs it, but that has not been run on your system yet. If it was not installed, simply boot from the Windows CD and enter the Recovery Console there with the R key.

chouch 10.03.2011 18:48

That is Ubuntu 10.10.

cosinus 10.03.2011 18:54

Did you install Ubuntu properly alongside Windows, or via wubi?

chouch 10.03.2011 18:56

Quote:

Quote from cosinus (post 628660)
Did you install Ubuntu properly alongside Windows, or via wubi?

Properly. With a restart, booting from a USB stick and all the trimmings.

cosinus 10.03.2011 19:00

Hm, then it should actually find a GRUB MBR...
Under no circumstances should you fix the MBR via the Recovery Console, because otherwise your Ubuntu would no longer boot. It can be repaired, but it involves some effort. For such cases, though, you should have Rescatux on hand => Rescatux | Boot Problems Open Source Tools

As a precaution, because of the unknown MBR, please do a run with this tool from Kaspersky => http://www.trojaner-board.de/82358-t...entfernen.html

chouch 10.03.2011 19:09

I think I also broke Grub with all the cofi runs and constantly crashing the system... normally the choice between Win and Ubu always came up, now it doesn't anymore.
Fortunately, I know my way around restoring Grub reasonably well; I've had to do it before. Besides, I don't care much about that installation, there's nothing in it.

Code:

2011/03/10 19:06:43.0671 2536        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/10 19:06:44.0203 2536        ================================================================================
2011/03/10 19:06:44.0203 2536        SystemInfo:
2011/03/10 19:06:44.0203 2536       
2011/03/10 19:06:44.0203 2536        OS Version: 5.1.2600 ServicePack: 3.0
2011/03/10 19:06:44.0203 2536        Product type: Workstation
2011/03/10 19:06:44.0203 2536        ComputerName: S-810I8BKMSFIW3
2011/03/10 19:06:44.0203 2536        UserName: k
2011/03/10 19:06:44.0203 2536        Windows directory: C:\WINDOWS
2011/03/10 19:06:44.0203 2536        System windows directory: C:\WINDOWS
2011/03/10 19:06:44.0203 2536        Processor architecture: Intel x86
2011/03/10 19:06:44.0203 2536        Number of processors: 4
2011/03/10 19:06:44.0203 2536        Page size: 0x1000
2011/03/10 19:06:44.0203 2536        Boot type: Normal boot
2011/03/10 19:06:44.0203 2536        ================================================================================
2011/03/10 19:06:45.0265 2536        Initialize success
2011/03/10 19:06:51.0937 2432        ================================================================================
2011/03/10 19:06:51.0937 2432        Scan started
2011/03/10 19:06:51.0937 2432        Mode: Manual;
2011/03/10 19:06:51.0937 2432        ================================================================================
2011/03/10 19:06:52.0796 2432        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/10 19:06:52.0875 2432        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/10 19:06:53.0125 2432        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/10 19:06:53.0203 2432        AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/03/10 19:06:53.0296 2432        AFD            (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/03/10 19:06:53.0796 2432        Andbus          (45039ad240754b3bd789668c2c986ea7) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
2011/03/10 19:06:53.0859 2432        AndDiag        (f7ec18db02c9fb26aed52e0e1bb98960) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
2011/03/10 19:06:53.0937 2432        AndGps          (6d79f0c7f33dd85f50d69c7d7efec9e0) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
2011/03/10 19:06:54.0031 2432        ANDModem        (881837e816b948f7a94098add21afd7c) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
2011/03/10 19:06:54.0109 2432        androidusb      (54a40a58ff71936026f2e49ecfd487b8) C:\WINDOWS\system32\Drivers\lgandadb.sys
2011/03/10 19:06:54.0203 2432        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/10 19:06:54.0578 2432        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/10 19:06:54.0671 2432        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/10 19:06:54.0843 2432        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/10 19:06:54.0968 2432        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/10 19:06:55.0093 2432        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/10 19:06:55.0390 2432        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/10 19:06:55.0562 2432        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/10 19:06:55.0656 2432        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/10 19:06:55.0734 2432        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/10 19:06:56.0390 2432        CT20XUT        (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\WINDOWS\system32\drivers\CT20XUT.SYS
2011/03/10 19:06:56.0468 2432        CT20XUT.SYS    (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\WINDOWS\System32\drivers\CT20XUT.SYS
2011/03/10 19:06:56.0593 2432        ctac32k        (7ec5c5f0b0c14ec186074fd095f0f370) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/03/10 19:06:56.0703 2432        ctaud2k        (8dc02de5321499e6c1fe87e43d86a73b) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/03/10 19:06:56.0875 2432        CTEXFIFX        (d4c74f7228a2162171dee3087cc22fbf) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
2011/03/10 19:06:57.0000 2432        CTEXFIFX.SYS    (d4c74f7228a2162171dee3087cc22fbf) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
2011/03/10 19:06:57.0078 2432        CTHWIUT        (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
2011/03/10 19:06:57.0171 2432        CTHWIUT.SYS    (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
2011/03/10 19:06:57.0265 2432        ctprxy2k        (920b45bc9191f4e880ea2b75524d96ab) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/03/10 19:06:57.0359 2432        ctsfm2k        (eac70ef0b40df7b8178bf5e80b5f4277) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/03/10 19:06:57.0687 2432        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/10 19:06:57.0859 2432        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/10 19:06:57.0953 2432        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/10 19:06:58.0062 2432        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/10 19:06:58.0203 2432        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/10 19:06:58.0296 2432        DNINDIS5        (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
2011/03/10 19:06:58.0562 2432        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/10 19:06:58.0718 2432        emupia          (8b41f776beafda612cdf8ffa997b201e) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/03/10 19:06:58.0937 2432        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/10 19:06:59.0078 2432        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/10 19:06:59.0171 2432        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/10 19:06:59.0265 2432        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/10 19:06:59.0375 2432        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/10 19:06:59.0515 2432        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/10 19:06:59.0625 2432        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/10 19:06:59.0750 2432        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/10 19:06:59.0875 2432        ha20x2k        (eda33b1d4721470bb924f082cf66d06a) C:\WINDOWS\system32\drivers\ha20x2k.sys
2011/03/10 19:07:00.0031 2432        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/10 19:07:00.0218 2432        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/10 19:07:00.0515 2432        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/10 19:07:00.0859 2432        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/10 19:07:01.0000 2432        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/10 19:07:01.0296 2432        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/10 19:07:01.0312 2432        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/10 19:07:01.0328 2432        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/10 19:07:01.0343 2432        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/10 19:07:01.0359 2432        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/10 19:07:01.0375 2432        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/10 19:07:01.0390 2432        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/10 19:07:01.0390 2432        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/10 19:07:01.0406 2432        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/10 19:07:01.0453 2432        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/10 19:07:01.0468 2432        KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/10 19:07:01.0500 2432        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/10 19:07:01.0515 2432        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/10 19:07:01.0531 2432        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/10 19:07:01.0578 2432        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/10 19:07:01.0593 2432        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/10 19:07:01.0609 2432        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/10 19:07:01.0625 2432        MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/10 19:07:01.0656 2432        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/10 19:07:01.0671 2432        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/10 19:07:01.0687 2432        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/10 19:07:01.0687 2432        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/10 19:07:01.0703 2432        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/10 19:07:01.0718 2432        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/10 19:07:01.0734 2432        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/10 19:07:01.0750 2432        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/10 19:07:01.0781 2432        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/10 19:07:01.0781 2432        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/10 19:07:01.0796 2432        NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/10 19:07:01.0812 2432        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/10 19:07:01.0843 2432        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/10 19:07:01.0875 2432        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/10 19:07:01.0890 2432        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/10 19:07:01.0921 2432        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/10 19:07:01.0968 2432        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/10 19:07:02.0171 2432        nv              (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/10 19:07:02.0468 2432        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/10 19:07:02.0484 2432        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/10 19:07:02.0515 2432        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/10 19:07:02.0562 2432        ossrv          (ea7563de822696f1b9be9e589d33fa96) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/03/10 19:07:02.0625 2432        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/10 19:07:02.0625 2432        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/10 19:07:02.0671 2432        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/10 19:07:02.0671 2432        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/10 19:07:02.0703 2432        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/10 19:07:02.0734 2432        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/10 19:07:02.0812 2432        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/10 19:07:02.0828 2432        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/10 19:07:02.0828 2432        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/10 19:07:02.0843 2432        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/10 19:07:02.0906 2432        pwdrvio        (c50de6d0c04b230f185a13fde0f047fa) C:\WINDOWS\system32\pwdrvio.sys
2011/03/10 19:07:02.0921 2432        pwdspio        (cdc5704308222400ad606bcf87b006a5) C:\WINDOWS\system32\pwdspio.sys
2011/03/10 19:07:02.0937 2432        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/10 19:07:03.0000 2432        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/10 19:07:03.0000 2432        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/10 19:07:03.0015 2432        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/10 19:07:03.0015 2432        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/10 19:07:03.0031 2432        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/10 19:07:03.0046 2432        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/10 19:07:03.0093 2432        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/10 19:07:03.0109 2432        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/10 19:07:03.0171 2432        RTLE8023xp      (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/03/10 19:07:03.0218 2432        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/10 19:07:03.0234 2432        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/10 19:07:03.0281 2432        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/10 19:07:03.0296 2432        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/10 19:07:03.0343 2432        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/10 19:07:03.0390 2432        sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/10 19:07:03.0390 2432        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/03/10 19:07:03.0390 2432        sptd - detected Locked file (1)
2011/03/10 19:07:03.0406 2432        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/10 19:07:03.0437 2432        Srv            (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/10 19:07:03.0437 2432        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/10 19:07:03.0453 2432        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/10 19:07:03.0531 2432        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/10 19:07:03.0562 2432        tbhsd          (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
2011/03/10 19:07:03.0593 2432        Tcpip          (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/10 19:07:03.0625 2432        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/10 19:07:03.0640 2432        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/10 19:07:03.0671 2432        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/10 19:07:03.0703 2432        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/10 19:07:03.0734 2432        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/10 19:07:03.0781 2432        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/10 19:07:03.0812 2432        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/10 19:07:03.0828 2432        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/10 19:07:03.0859 2432        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/10 19:07:03.0875 2432        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/10 19:07:03.0921 2432        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/10 19:07:03.0953 2432        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/10 19:07:03.0984 2432        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/10 19:07:04.0000 2432        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/10 19:07:04.0046 2432        vmm            (b0fd6e31ed4acd87eb852c5dac27734a) C:\WINDOWS\system32\Drivers\vmm.sys
2011/03/10 19:07:04.0093 2432        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/10 19:07:04.0109 2432        VPCNetS2        (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
2011/03/10 19:07:04.0156 2432        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/10 19:07:04.0203 2432        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/03/10 19:07:04.0265 2432        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/10 19:07:04.0312 2432        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/10 19:07:04.0375 2432        WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/03/10 19:07:04.0406 2432        xusb21          (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/03/10 19:07:05.0187 2432        ================================================================================
2011/03/10 19:07:05.0187 2432        Scan finished
2011/03/10 19:07:05.0187 2432        ================================================================================
2011/03/10 19:07:05.0187 3800        Detected object count: 1
2011/03/10 19:07:16.0312 3800        Locked file(sptd) - User select action: Skip


cosinus 10.03.2011 19:13

That's annoying, of course, if that broke GRUB... but you can fix it again with Rescatux :daumenhoc
It's up to you whether you repair it or reinstall Ubuntu. The installation doesn't take long anyway, and there was nothing important on it.

The TDSS log looks OK; the flagged SPTD is fine, as that's the driver for virtual CD drives.

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!
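The TDSSKiller log posted above lists every loaded driver with its MD5 and path and, for sptd.sys, appends two verdict lines ("Suspicious file (NoAccess)" and "detected Locked file"). The following is an added example, not part of this thread and not TDSSKiller's own code: a small triage script that parses those lines, folds the verdict lines into the driver they refer to, and additionally flags drivers whose image does not live in the usual driver directory (in the full log: DNINDIS5.SYS, pwdrvio.sys and pwdspio.sys sit directly in system32). SAMPLE_LOG_LINES is a constructed excerpt copied from the log above; the directory allowlist and all function names are this example's own assumptions.

```python
"""Triage helper for a TDSSKiller driver listing.

Added example, not part of the thread above and not TDSSKiller's own code:
it parses the per-driver lines of the posted log, attaches the
"Suspicious file" / "detected Locked file" verdicts to the driver they
refer to, and flags drivers whose image is not in the usual driver
directory. SAMPLE_LOG_LINES is a constructed excerpt copied from the log
above; STANDARD_DRIVER_DIRS is this script's own assumption.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

SAMPLE_LOG_LINES = [  # constructed excerpt of the posted log
    r"2011/03/10 19:06:52.0796 2432        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    r"2011/03/10 19:06:58.0296 2432        DNINDIS5        (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS",
    r"2011/03/10 19:07:02.0906 2432        pwdrvio        (c50de6d0c04b230f185a13fde0f047fa) C:\WINDOWS\system32\pwdrvio.sys",
    r"2011/03/10 19:07:03.0390 2432        sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys",
    r"2011/03/10 19:07:03.0390 2432        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9",
    r"2011/03/10 19:07:03.0390 2432        sptd - detected Locked file (1)",
    r"2011/03/10 19:07:03.0593 2432        Tcpip          (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys",
    r"2011/03/10 19:07:05.0187 2432        Scan finished",
]

# Where XP's own drivers and most vendor drivers live (assumption). A driver
# elsewhere is not malicious by itself, only worth a second look.
STANDARD_DRIVER_DIRS = {r"c:\windows\system32\drivers"}

# Common prefix: "2011/03/10 19:07:03.0390 2432" followed by padding.
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+)\s+"
DRIVER_RE = re.compile(TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
LOCKED_RE = re.compile(TS + r"(?P<name>\S+) - detected Locked file \((?P<count>\d+)\)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    suspicious: Optional[str] = None  # TDSSKiller's reason, e.g. "NoAccess"
    locked: bool = False


def parse_tdsskiller(lines: Iterable[str]) -> Dict[str, Driver]:
    """Return drivers keyed by service name, with the verdict lines folded in."""
    drivers: Dict[str, Driver] = {}
    by_path: Dict[str, Driver] = {}
    for line in lines:
        m = DRIVER_RE.match(line)
        if m:
            drv = Driver(m["name"], m["md5"], m["path"])
            drivers[drv.name] = drv
            by_path[drv.path.lower()] = drv
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            drv = by_path.get(m["path"].lower())
            if drv is not None and drv.md5 == m["md5"]:
                drv.suspicious = m["reason"]
            continue
        m = LOCKED_RE.match(line)
        if m and m["name"] in drivers:
            drivers[m["name"]].locked = True
        # Everything else (banner, "Scan started", "Scan finished") is ignored.
    return drivers


Finding = Tuple[str, str, str]  # (driver name, kind, detail)


def triage(drivers: Dict[str, Driver], standard_dirs=STANDARD_DRIVER_DIRS) -> List[Finding]:
    """List what an analyst should look at; carries no allowlist on purpose.

    The reply above judges sptd's locked status benign (SPTD is the virtual
    CD-drive driver); that call stays with the analyst, this only surfaces it.
    """
    findings: List[Finding] = []
    for drv in drivers.values():
        if drv.suspicious or drv.locked:
            findings.append((drv.name, "verdict",
                             f"suspicious={drv.suspicious} locked={drv.locked} md5={drv.md5}"))
        if ntpath.dirname(drv.path.lower()) not in standard_dirs:
            findings.append((drv.name, "off-path", drv.path))
    return findings


if __name__ == "__main__":
    for name, kind, detail in triage(parse_tdsskiller(SAMPLE_LOG_LINES)):
        print(f"{kind:9} {name:12} {detail}")
```

Run against the full log it reports the sptd verdict plus the three system32 drivers as off-path; the MD5s it prints are what you would look up or compare against a clean copy, since the scanner's own hash is the only identity the log gives you.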

chouch 10.03.2011 21:31

Arne!

SuperDuper AntiMalware Log
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/10/2011 at 09:07 PM

Application Version : 4.49.1000

Core Rules Database Version : 6570
Trace Rules Database Version: 4382

Scan type      : Complete Scan
Total Scan Time : 00:59:55

Memory items scanned      : 530
Memory threats detected  : 0
Registry items scanned    : 5583
Registry threats detected : 3
File items scanned        : 97439
File threats detected    : 2

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\k\Cookies\k@2o7[2].txt
        C:\Dokumente und Einstellungen\k\Cookies\k@112.2o7[2].txt

Disabled.SecurityCenterOption
        HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
        HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
        HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

The last three are again the notices that the Security Center doesn't warn me, but it isn't supposed to anyway.

Here's the current Malwarebytes log again.
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6012

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10.03.2011 20:03:52
mbam-log-2011-03-10 (20-03-51).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 243637
Time elapsed: 36 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

regards

cosinus 11.03.2011 09:35

Only cookies. And three reports about the Security Center; are those settings intended?
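Both scanners above report the same three Security Center DWORDs, SUPERAntiSpyware as `HKLM\...\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY` with no data value, Malwarebytes as a full path with `Bad: (1) Good: (0)` and "No action taken". The following is an added example, not part of this thread and not code from either scanner: it parses both notations, merges the findings case-insensitively, explains what each flag silences, and renders a `.reg` file that would restore the scanners' "Good" value. The point of rendering a file instead of writing the registry is that it can be read first; whether the values were set deliberately (as the reply to this question says) or by malware is exactly the question being asked here. MBAM_LINES and SAS_LINES are constructed from the logs above; the MEANING table and all function names are this example's own.

```python
"""Merge the Security Center findings from the SAS and MBAM logs above and
write a .reg file that would put them back to the scanners' "Good" value.

Added example, not part of the thread and not code from either scanner.
Both logs report the same three DWORDs in different notations; this parses
both forms, merges them case-insensitively, and renders a .reg that is meant
to be read before it is applied. MBAM_LINES and SAS_LINES are constructed
from the posted logs; MEANING is this script's own summary of the flags.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

MBAM_LINES = [  # constructed from the Malwarebytes log above
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.",
]
SAS_LINES = [  # constructed from the SUPERAntiSpyware log above, cookies included
    "Adware.Tracking Cookie",
    r"        C:\Dokumente und Einstellungen\k\Cookies\k@2o7[2].txt",
    "Disabled.SecurityCenterOption",
    r"        HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY",
    r"        HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY",
    r"        HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY",
]

# MBAM: full key path, value name, detection name, then the bad/good DWORDs.
MBAM_RE = re.compile(
    r"^(?P<key>HKEY_[A-Z_]+\\.+)\\(?P<value>[^\\\s]+) \((?P<det>[^)]+)\) -> "
    r"Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\)")
# SAS: short hive, key path, '#', value name; no data values are reported.
SAS_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKU|HKCR)\\(?P<key>.+)#(?P<value>\S+)$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKU": "HKEY_USERS", "HKCR": "HKEY_CLASSES_ROOT"}
# What each flag silences when set to 1 (XP SP2+ Security Center).
MEANING = {
    "antivirusdisablenotify": "the 'no antivirus / antivirus out of date' warning",
    "firewalldisablenotify": "the 'firewall is off' warning",
    "updatesdisablenotify": "the 'automatic updates are off' warning",
}


@dataclass
class RegFinding:
    key: str                      # full key path with the long hive name
    value: str
    bad: Optional[int] = None     # only MBAM reports data values
    good: Optional[int] = None
    sources: List[str] = field(default_factory=list)


def parse_findings(mbam_lines: Iterable[str], sas_lines: Iterable[str]) -> List[RegFinding]:
    merged: Dict[Tuple[str, str], RegFinding] = {}
    for line in mbam_lines:            # MBAM first: it carries case and data values
        m = MBAM_RE.match(line.strip())
        if m:
            k = (m["key"].lower(), m["value"].lower())
            merged[k] = RegFinding(m["key"], m["value"], int(m["bad"]), int(m["good"]), ["mbam"])
    for line in sas_lines:
        m = SAS_RE.match(line.strip())
        if not m:
            continue                   # cookie paths and section headers
        key = HIVES[m["hive"]] + "\\" + m["key"]
        k = (key.lower(), m["value"].lower())
        if k in merged:
            merged[k].sources.append("sas")
        else:
            merged[k] = RegFinding(key, m["value"], sources=["sas"])
    return list(merged.values())


def describe(f: RegFinding) -> str:
    what = MEANING.get(f.value.lower(), "an unknown Security Center setting")
    current = "?" if f.bad is None else f.bad
    return f"{f.value}={current} silences {what} (reported by {', '.join(f.sources)})"


def to_reg(findings: Iterable[RegFinding]) -> str:
    """Render a .reg file restoring each finding's Good value, grouped by key."""
    by_key: Dict[str, List[RegFinding]] = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, items in by_key.items():
        out.append(f"[{key}]")
        for f in items:
            if f.good is None:         # SAS-only finding: no target value known
                out.append(f'; "{f.value}" reported by {", ".join(f.sources)} without a target value; set by hand')
            else:
                out.append(f'"{f.value}"=dword:{f.good:08x}')
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found = parse_findings(MBAM_LINES, SAS_LINES)
    for f in found:
        print(describe(f))
    print(to_reg(found))
```

Importing the rendered file is what Malwarebytes' "Fix" would do for these three items; if, as here, the warnings were switched off on purpose, the right move is to leave the values alone and only keep the list so the next scan's report is not a surprise.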

chouch 11.03.2011 10:37

Yep, as I said, that's OK. Those are the notices that I have no firewall installed, no antivirus program and no automatic updates.

What would you recommend as an antivirus program that runs all the time? Or none at all, and just run Malwarebytes every now and then?

btw: GRUB is actually still there, but after selecting Win XP I get another screen where I can choose some kind of recovery or a debug mode. (It says "do not select" next to it)
Do you know how I can get rid of that?

regards

cosinus 11.03.2011 10:47

Quote:

What would you recommend as an antivirus program that runs all the time? Or none at all, and just run Malwarebytes every now and then?
Under Windows I only have Malwarebytes Free these days. Otherwise the free MS Security Essentials could serve you well.

Quote:

btw: GRUB is actually still there, but after selecting Win XP I get another screen where I can choose some kind of recovery or a debug mode. (It says "do not select" next to it)
That may be due to CF; it didn't run through completely on your machine, but it did install the Recovery Console. You should be able to get rid of it by editing boot.ini correctly.
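The reply above says the extra boot menu entry comes from the Recovery Console and goes away once boot.ini is edited correctly, without showing what that edit is. The following is an added example, not from this thread: it parses the `[boot loader]` and `[operating systems]` sections of an NT-style boot.ini, removes every entry that carries the `/cmdcons` switch (the switch that identifies a Recovery Console entry regardless of how its label is worded), and makes sure `default=` still points at an entry that exists, since a default pointing at a deleted entry leaves NTLDR without a valid choice. SAMPLE_BOOT_INI is constructed; its Recovery Console line is the standard one the Windows installer writes, and the label on the poster's machine may differ, which is why the switch decides and not the label.

```python
"""Drop the Recovery Console entry from an NT-style boot.ini.

Added example, not from the thread: the reply above only says boot.ini has
to be edited correctly. This parses the [boot loader] and [operating
systems] sections, removes every entry carrying the /cmdcons switch, and
makes sure default= still names a surviving entry. SAMPLE_BOOT_INI is
constructed; the Recovery Console line is the standard one the Windows
installer writes, the real file may word its label differently.
"""
from typing import Dict, List, Tuple

SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

Entry = Tuple[str, str]  # (ARC path or boot-sector file, everything after the first '=')


def parse_boot_ini(text: str) -> Tuple[Dict[str, str], List[Entry]]:
    loader: Dict[str, str] = {}
    systems: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if "=" not in line:
            raise ValueError(f"unparseable boot.ini line: {raw!r}")
        # Split on the first '=' only: entries carry '/noexecute=optin' etc.
        lhs, rhs = (part.strip() for part in line.split("=", 1))
        if section == "boot loader":
            loader[lhs.lower()] = rhs
        elif section == "operating systems":
            systems.append((lhs, rhs))
        else:
            raise ValueError(f"line outside a known section: {raw!r}")
    if "default" not in loader or not systems:
        raise ValueError("boot.ini lacks default= or has no operating systems")
    return loader, systems


def render(loader: Dict[str, str], systems: List[Entry]) -> str:
    lines = ["[boot loader]"]
    for k in ("timeout", "default"):
        if k in loader:
            lines.append(f"{k}={loader[k]}")
    for k, v in loader.items():            # keep any other loader keys verbatim
        if k not in ("timeout", "default"):
            lines.append(f"{k}={v}")
    lines.append("[operating systems]")
    lines.extend(f"{arc}={rest}" for arc, rest in systems)
    return "\n".join(lines) + "\n"


def remove_recovery_console(text: str) -> Tuple[str, int]:
    """Return (new boot.ini text, number of entries removed)."""
    loader, systems = parse_boot_ini(text)
    keep = [(arc, rest) for arc, rest in systems
            if "/cmdcons" not in rest.lower().split()]
    if not keep:
        raise ValueError("refusing to write a boot.ini with no bootable entry")
    if loader["default"].lower() not in {arc.lower() for arc, _ in keep}:
        loader["default"] = keep[0][0]     # default= pointed at a removed entry
    return render(loader, keep), len(systems) - len(keep)


if __name__ == "__main__":
    new_text, removed = remove_recovery_console(SAMPLE_BOOT_INI)
    print(f"removed {removed} entry/entries\n{new_text}")
```

The script only produces text; it does not touch the file. On XP, boot.ini sits in the root of the system partition with the read-only, system and hidden attributes set, so copy it somewhere safe first, clear the attributes (`attrib -r -s -h C:\boot.ini`), write the new content, and restore them; a boot.ini with a typo is the fastest way to an unbootable machine. Removing the menu entry only hides the Recovery Console; its files stay in the Cmdcons folder and the Cmldr file in the root until you delete those too.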

chouch 16.03.2011 15:43

If Malwarebytes runs a complete scan and finds nothing, is it safe?

I ran "check all startup paths"; it has now thrown out one option. We'll see.

cosinus 16.03.2011 16:15

Quote:

If Malwarebytes runs a complete scan and finds nothing, is it safe?
No. Not with any virus scanner. There is neither 100% security nor a virus scanner that always finds every piece of malware.

chouch 17.03.2011 08:25

But now I'm "clean"? With all the programs I've run over it and your competent analysis?

cosinus 17.03.2011 09:52

According to the logfiles, yes. There is no 100% security.

Then we're done! :abklatsch:

Finally, please check your updates; my guide on that is below.
For even more security, after the infection has been removed you should also change all your passwords, if at all possible.


Microsoft Update

Windows XP: Visit the MS Update page with IE and have it install all important updates.

Windows Vista/7: Windows Update guide



Update PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is current; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

chouch 18.03.2011 13:21

Windows is updated.
I never use Adobe Reader; as far as I know it isn't installed either. I've always had Foxit Reader.
I uninstalled Java and reinstalled it.

Thanks again for the help. :)



Copyright ©2000-2025, Trojaner-Board

