Trojaner immer wieder

RealSnapshot · 16.02.2011, 16:26

Hallo,

habe leider ein Problem mit Trojanern. Habe Malwarebytes Antimalware durclaufen lassen und der hat einiges gefunden. Aber es kommen immer wieder neue Trojaner

Danke für eure Hilfe

Hier schon mal der AM-Logfile

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5773

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.02.2011 16:23:27
mbam-log-2011-02-16 (16-23-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 326501
Laufzeit: 53 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfdpfsdfusr.exe (Trojan.Agent) -> Value: kfdpfsdfusr.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\kfdpfsdfusr\kfdpfsdfusr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Poker\titan poker\_titanpsetup_bfe69a.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Snapshot\AppData\Local\Temp\ptu2bd0_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Windows\temp\rxyx\setup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\kb4162652.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

M-K-D-B · 16.02.2011, 18:01

Mein Name ist M-K-D-B und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Poste die Logfiles in Code-Boxen. Dadurch sparst du Platz.
Bitte arbeite solange mit mir mit, bis ich dir sage, dass wir hier fertig sind.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Für Benutzer von Windows Vista und Windows 7 gilt: Alle Programme mit Rechtsklick "Als Administrator ausführen" starten.

Ich möchte dich nun darauf hinweisen, dass ich hier noch in Training bin und jede Antwort zuerst von einem Mitglied des Kompetenzteams freigegeben werden muss. Dies kann eine leichte Verzögerung der Antworten hervorrufen. Ich bedanke mich für deine Geduld.

Schritt # 1: Load.exe ausführen
Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.

Speichere die Datei am Desktop.
Doppelklick auf die load.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Schließe nun alle offenen Programme.
Klicke auf Download
Bitte während dem Download nicht in das Fenster klicken.
Folge den Anweisungen auf dem Bildschirm.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.html.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
Wichtig: Falls Du das Tool erneut startest, nutze den CleanUp Button nicht ohne Anweisung.

Anleitung:
http://www.trojaner-board.de/89918-l...e-larusso.html

Schritt # 2: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort die Logfiles von

Malwarebytes' Anti-Malware,

Defogger,

Gmer und

die beiden Logfiles von OTL (OTL.txt und Extras.txt).

RealSnapshot · 16.02.2011, 21:39

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:26 on 16/02/2011 (Snapshot)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

AEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5773

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.02.2011 21:45:13
mbam-log-2011-02-16 (21-45-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156168
Laufzeit: 3 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-16 21:52:13
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3250410AS rev.3.AAC
Running: g2m3e4r.exe; Driver: C:\Users\Snapshot\AppData\Local\Temp\kwlorkoc.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT            805A7C7C                                                                                                                                                 ZwCreateThread
SSDT            805A7C68                                                                                                                                                 ZwOpenProcess
SSDT            805A7C6D                                                                                                                                                 ZwOpenThread
SSDT            805A7C77                                                                                                                                                 ZwTerminateProcess
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                                          81A5C599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                   81A80F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                                                      81A8885C 4 Bytes  [7C, 7C, 5A, 80]
.text           ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                                                      81A889F8 4 Bytes  [68, 7C, 5A, 80]
.text           ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                                                      81A88A18 4 Bytes  [6D, 7C, 5A, 80]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                                                      81A88CC8 4 Bytes  [77, 7C, 5A, 80]
.rsrc           C:\Windows\system32\drivers\afd.sys                                                                                                                      entry point in ".rsrc" section [0x8B8B0014]
 
---- User code sections - GMER 1.0.15 ----
 
.text           C:\Windows\system32\svchost.exe[976] ntdll.dll!NtProtectVirtualMemory                                                                                    76F95360 5 Bytes  JMP 0030000A 
.text           C:\Windows\system32\svchost.exe[976] ntdll.dll!NtWriteVirtualMemory                                                                                      76F95EE0 5 Bytes  JMP 0031000A 
.text           C:\Windows\system32\svchost.exe[976] ntdll.dll!KiUserExceptionDispatcher                                                                                 76F96448 5 Bytes  JMP 002F000A 
.text           C:\Windows\system32\svchost.exe[976] ole32.dll!CoCreateInstance                                                                                          758A590C 5 Bytes  JMP 0047000A 
.text           C:\Windows\system32\svchost.exe[976] USER32.dll!GetCursorPos                                                                                             7545C198 5 Bytes  JMP 00D5000A 
.text           C:\Windows\Explorer.EXE[2024] ntdll.dll!NtProtectVirtualMemory                                                                                           76F95360 5 Bytes  JMP 01FC000A 
.text           C:\Windows\Explorer.EXE[2024] ntdll.dll!NtWriteVirtualMemory                                                                                             76F95EE0 5 Bytes  JMP 01FD000A 
.text           C:\Windows\Explorer.EXE[2024] ntdll.dll!KiUserExceptionDispatcher                                                                                        76F96448 5 Bytes  JMP 01FB000A 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3448] ntdll.dll!NtProtectVirtualMemory                                                                      76F95360 5 Bytes  JMP 005A000A 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3448] ntdll.dll!NtWriteVirtualMemory                                                                        76F95EE0 5 Bytes  JMP 005B000A 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3448] ntdll.dll!KiUserExceptionDispatcher                                                                   76F96448 5 Bytes  JMP 0036000A 
 
---- Devices - GMER 1.0.15 ----
 
Device          \Driver\ACPI_HAL \Device\00000049                                                                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0                                                                                                      848B1AEA
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1                                                                                                      848B1AEA
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2                                                                                                      848B1AEA
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3                                                                                                      848B1AEA
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4                                                                                                      848B1AEA
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5                                                                                                      848B1AEA
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP4T0L0-7                                                                                             848B1AEA
 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device          \Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskST3250410AS_____________________________3.AAC___#5&32772958&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found
 
---- Threads - GMER 1.0.15 ----
 
Thread          System [4:2308]                                                                                                                                          9990EF2E
 
---- Registry - GMER 1.0.15 ----
 
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                      0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                      0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                   0x36 0x26 0x2D 0x70 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                          0xF7 0x17 0x70 0x86 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                     0xDE 0x17 0x92 0xC5 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                          C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                          0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                          0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                       0x36 0x26 0x2D 0x70 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                              0xF7 0x17 0x70 0x86 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                         0xDE 0x17 0x92 0xC5 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                                    
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL                                                                    90F28113CE8C7EE6F5A97D46A38B23475927727C401C6EED492DCE49BC67821FFC987C5F2E386BF1F864E2101425A3C151F9EEA55E07ABE56E4B36017C42B0C167CDA3158360431E7332B6A5DE779D57D9F950DE90657ADA065416B908D0F7729CD2D8AF8389155EA6661BBDFEAFB2C84E2F1BBCBB282B7A27247103CDE7FAEA09F842DA450FF39CFC67F8C1574A85CBB0391685A99294E58C2E13A2A1325E5A422ACA78C29D753400B379D1AA9ABC092647CE3687BD8D349278870F37AB4D63FD5F9F1EDD37B3F3E15A0D3F2248069D769F147C6893F1EF3C1D9F762AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A9C6AECB7A5D1407FEBC9E127BECC74CEC37D480C4D13F1BBD87DCBB5CE6D59A9FBFAAB943575584ADB92D3B03932D3921C878678A3E4B7F888C3F558189F55CCDE0A12585AB04EF1649C7AC20D4626DDF80D03320446798840A0C38B062F9DAFCD908CFD4757FE8788AEF0F1ED727EBC824B20343CB7CCE98F3063D7CDA488AF3712F6D38BECA092233218E19E73C19CC7A669CC403A3F07944E1E2899E7840CF70D7D44AD69AD0B580CBFA4013143EB44E2A688B572E30B3F3CB4B159F58B602A63B813B4ED7A428AD5348D82ED3851AF0AEF40F7F1FA1A808DFBBE992E68CCD620
 
---- Disk sectors - GMER 1.0.15 ----
 
Disk            \Device\Harddisk0\DR0                                                                                                                                    sectors 488394799 (+254): rootkit-like behavior; 
 
---- Files - GMER 1.0.15 ----
 
File            C:\Windows\system32\drivers\afd.sys                                                                                                                      suspicious modification; TDL3                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     <-- ROOTKIT !!!
 
---- EOF - GMER 1.0.15 ----

--- --- ---

kann gerade irgendwie das otl file nicht posten...die antowrterstellung funktioniert nicht wenn ich das file reinkopiere...woran kann das liegen?

hxxp://uploaded.to/file/jwut5v
hab das otl file mal hochgeladen...vielen dank für deine/eure hilfeOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.02.2011 21:53:12 - Run 3
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Snapshot\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,74 Gb Total Space | 46,70 Gb Free Space | 67,93% Space Free | Partition Type: NTFS
Drive D: | 50,01 Gb Total Space | 19,02 Gb Free Space | 38,03% Space Free | Partition Type: NTFS
Drive E: | 114,14 Gb Total Space | 39,43 Gb Free Space | 34,54% Space Free | Partition Type: NTFS
 
Computer Name: SNAPSHOT-PC | User Name: Snapshot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Snapshot\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - D:\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Snapshot\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Internet Explorer\ieproxy.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\StructuredQuery.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\slc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SearchFolder.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer5) --  File not found
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- D:\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 FC 8D E1 22 60 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {DD232FC9-CEF8-4477-B24E-608D284A09C8}:1.9.1
FF - prefs.js..extensions.enabledItems: {80D142C9-76DE-4C50-A57C-7FBFCB8666EB}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{83DEA7B3-5F29-4BF8-971A-4CA86AEEC008}: C:\Users\Snapshot\AppData\Local\{83DEA7B3-5F29-4BF8-971A-4CA86AEEC008}
FF - HKLM\software\mozilla\Firefox\Extensions\\{DD232FC9-CEF8-4477-B24E-608D284A09C8}: C:\Users\Snapshot\AppData\Local\{DD232FC9-CEF8-4477-B24E-608D284A09C8} [2010.12.01 22:04:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{80D142C9-76DE-4C50-A57C-7FBFCB8666EB}: C:\Windows\system32\config\systemprofile\AppData\Local\{80D142C9-76DE-4C50-A57C-7FBFCB8666EB}\ [2011.02.02 22:16:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.14 21:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.14 21:56:00 | 000,000,000 | ---D | M]
 
[2009.11.08 04:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Extensions
[2011.02.16 21:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\rmejjtr4.default\extensions
[2011.01.03 19:50:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\rmejjtr4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.29 15:39:29 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\rmejjtr4.default\extensions\vshare@toolbar
[2011.02.14 08:13:40 | 000,000,961 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\searchplugins\icqplugin-1.xml
[2010.12.14 21:56:09 | 000,000,961 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\searchplugins\icqplugin-2.xml
[2011.01.03 19:38:54 | 000,000,961 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\searchplugins\icqplugin-3.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\searchplugins\icqplugin.xml
[2011.02.16 21:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.22 09:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009.11.22 21:40:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.07.22 09:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.01 22:04:29 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\SNAPSHOT\APPDATA\LOCAL\{DD232FC9-CEF8-4477-B24E-608D284A09C8}
[2011.02.02 22:16:53 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{80D142C9-76DE-4C50-A57C-7FBFCB8666EB}
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.09.09 20:28:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 20:28:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.09 20:28:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.09 20:28:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.09 20:28:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.27 16:41:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} -  File not found
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\plOrkBAG\dnkiodqv.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dvdpopen - (C:\Windows\system32\forficli.dll) -  File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.16 21:39:51 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.02.16 21:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.02.16 21:24:06 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Desktop\MFTools
[2011.02.14 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Real
[2011.02.14 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\IrfanView
[2011.01.27 22:31:32 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.01.27 17:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2011.01.21 19:02:55 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\CPN
[2011.01.21 19:02:51 | 000,000,000 | ---D | C] -- C:\Programme\Cake Poker 2.0
[2011.01.20 00:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager
[2011.01.20 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Absolute Poker
[2011.01.20 00:26:59 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars
[2011.01.18 17:38:39 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Roaming
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.16 21:39:54 | 000,001,074 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.02.16 21:39:51 | 000,000,894 | ---- | M] () -- C:\Users\Snapshot\Desktop\NTREGOPT.lnk
[2011.02.16 21:39:51 | 000,000,875 | ---- | M] () -- C:\Users\Snapshot\Desktop\ERUNT.lnk
[2011.02.16 21:33:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.16 21:33:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.16 21:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.16 21:27:59 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.16 21:27:01 | 000,000,176 | ---- | M] () -- C:\Users\Snapshot\defogger_reenable
[2011.02.16 21:24:25 | 000,296,448 | ---- | M] () -- C:\Users\Snapshot\Desktop\g2m3e4r.exe
[2011.02.16 21:24:24 | 000,050,477 | ---- | M] () -- C:\Users\Snapshot\Desktop\defogger.exe
[2011.02.16 16:20:49 | 000,079,300 | ---- | M] () -- C:\Users\Snapshot\Desktop\IMG_0030.JPG
[2011.02.14 19:03:33 | 000,066,973 | ---- | M] () -- C:\Users\Snapshot\Desktop\IMG_0031.JPG
[2011.02.14 18:54:36 | 001,626,367 | ---- | M] () -- C:\Users\Snapshot\Desktop\IMG_0024.JPG
[2011.02.14 18:23:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.02.03 19:23:44 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.03 19:23:44 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.03 19:23:44 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.03 19:23:44 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.03 17:37:01 | 000,000,000 | ---- | M] () -- C:\Users\Snapshot\AppData\Local\Fvoxo.bin
[2011.02.01 01:41:52 | 000,304,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.31 16:14:48 | 006,754,288 | ---- | M] () -- C:\Users\Snapshot\Desktop\Ondy - Show Remix prod. by Snapshot.mp3
[2011.01.27 17:11:56 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2011.01.20 00:44:10 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager.lnk
 
========== Files Created - No Company Name ==========
 
[2011.02.16 21:39:54 | 000,001,074 | ---- | C] () -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.02.16 21:39:51 | 000,000,894 | ---- | C] () -- C:\Users\Snapshot\Desktop\NTREGOPT.lnk
[2011.02.16 21:39:51 | 000,000,875 | ---- | C] () -- C:\Users\Snapshot\Desktop\ERUNT.lnk
[2011.02.16 21:26:44 | 000,000,176 | ---- | C] () -- C:\Users\Snapshot\defogger_reenable
[2011.02.16 21:24:24 | 000,296,448 | ---- | C] () -- C:\Users\Snapshot\Desktop\g2m3e4r.exe
[2011.02.16 21:24:23 | 000,050,477 | ---- | C] () -- C:\Users\Snapshot\Desktop\defogger.exe
[2011.02.14 19:03:33 | 000,079,300 | ---- | C] () -- C:\Users\Snapshot\Desktop\IMG_0030.JPG
[2011.02.14 19:03:33 | 000,066,973 | ---- | C] () -- C:\Users\Snapshot\Desktop\IMG_0031.JPG
[2011.02.14 18:54:36 | 001,626,367 | ---- | C] () -- C:\Users\Snapshot\Desktop\IMG_0024.JPG
[2011.02.14 18:23:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.01.27 17:11:56 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2011.01.20 00:44:10 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\HoldemManager.lnk
[2010.12.21 18:05:30 | 000,000,171 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.12.01 22:04:30 | 000,000,120 | ---- | C] () -- C:\Users\Snapshot\AppData\Local\Knomiweloha.dat
[2010.12.01 22:04:30 | 000,000,000 | ---- | C] () -- C:\Users\Snapshot\AppData\Local\Fvoxo.bin
[2010.10.11 17:11:04 | 000,000,000 | ---- | C] () -- C:\Users\Snapshot\AppData\Local\googleupdate.log
[2010.07.28 18:44:44 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010.05.03 21:01:47 | 000,023,552 | ---- | C] () -- C:\Users\Snapshot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.06 16:43:24 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.06 16:43:24 | 000,138,056 | ---- | C] () -- C:\Users\Snapshot\AppData\Roaming\PnkBstrK.sys
[2009.12.05 20:19:29 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS5y.DLL
[2009.11.22 15:04:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.09 17:46:07 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009.10.31 02:56:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2011.01.20 00:29:19 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Absolute Poker
[2010.10.17 12:16:59 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Amazon
[2010.04.12 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Azureus
[2011.01.06 17:31:54 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Bawir
[2011.01.15 15:57:44 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Canneverbe Limited
[2009.11.08 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\DAEMON Tools Lite
[2010.12.22 13:16:29 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Elaluq
[2010.01.18 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\FOG Downloader
[2011.02.16 16:18:46 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\HEM Data
[2011.02.16 21:17:47 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\ICQ
[2011.02.14 19:18:15 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\IrfanView
[2010.12.30 16:42:19 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Ismil
[2011.01.06 12:10:56 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Mefyyf
[2010.12.22 12:16:23 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Miez
[2010.12.21 17:54:39 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Odil
[2010.12.30 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Ormees
[2011.01.16 22:01:55 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\PacificPoker
[2010.07.15 12:43:32 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\postgresql
[2009.11.15 12:55:16 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\ProtectDisc
[2011.01.18 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Roaming
[2010.05.08 09:52:07 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\runic games
[2010.11.10 18:42:18 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Steinberg
[2010.09.09 15:14:28 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\TeamViewer
[2010.12.21 18:47:24 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Tulol
[2010.09.24 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\UB
[2011.01.08 13:01:20 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\uTorrent
[2009.11.08 16:23:29 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Win7codecs
[2011.02.15 19:40:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.12.20 16:14:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.12.05 20:19:28 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2009.11.08 04:10:41 | 000,000,000 | ---D | M] -- C:\Boot
[2010.12.02 15:28:00 | 000,000,000 | -H-D | M] -- C:\bumbumbumx.exe
[2009.11.08 04:19:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.12 16:38:42 | 000,000,000 | ---D | M] -- C:\HMArchive
[2011.02.16 16:23:27 | 000,000,000 | -H-D | M] -- C:\kfdpfsdfusr
[2009.11.14 16:12:28 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.11.08 04:35:57 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.08 13:57:06 | 000,000,000 | ---D | M] -- C:\Poker
[2011.02.16 21:39:51 | 000,000,000 | R--D | M] -- C:\Programme
[2011.02.03 19:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.11.08 04:19:52 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.10 11:40:55 | 000,000,000 | ---D | M] -- C:\Programs
[2010.07.27 16:42:24 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.10.11 20:00:12 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.02.10 19:06:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.08 10:36:50 | 000,000,000 | ---D | M] -- C:\Temp
[2009.11.08 13:42:07 | 000,000,000 | R--D | M] -- C:\Users
[2010.01.19 13:16:08 | 000,000,000 | ---D | M] -- C:\VivoxLogs
[2011.02.01 01:40:11 | 000,000,000 | ---D | M] -- C:\Windows
[2010.08.10 13:11:39 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID

< End of report >

--- --- ---

M-K-D-B · 17.02.2011, 17:31

Hallo RealSnapshot,

Schritt # 1: Hinweise
Bitte beachte folgende Hinweise für zukünftige Antworten:

Wenn du ein Logfile (z.B. bei OTL) nicht auf einmal einfügen kannst, so teile das Logfile auf mehrere Posts auf.
Bitte lies die Anleitungen genau durch und befolge sie auch dementsprechend. Ich hatte auch nach der Datei Extras.txt von OTL verlangt. Diese wurde allerdings nicht erstellt, da du OTL ohne ein Wort zu sagen, bereits zuvor hast laufen lassen.

Schritt # 2: Peer to Peer oder Filesharing Programme
Ich sehe das Du sogenannte Peer to Peer oder Filesharing Programme verwendest.

In deinem Fall Azureus und uTorrent .

Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen.

Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass Du Dir eine Infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äusserster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu

Start --> Systemsteuerung --> Software

und deinstalliere die oben genannte Software.

Bitte sag bescheid wenn Du eines der gelisteten Programme nicht finden kannst.

Schritt # 3: TDSS Killer ausführen
Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.

Schließe alle laufenden Programme.
Trenne dich von Internet.
Deaktiviere deine AntiViren Software.
Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Drücke auf Start scan.
Mache während dem Scan nichts am Rechner
1. Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
2. Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
  Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.
Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
Bitte poste mir den Inhalt hier in deinen Thread.

Schritt # 4: Löschen von Google Umleitungen mit GooredFix
Downloade dir bitte GooredFix.exe auf Deinem Desktop.

Schliesse bitte alle laufenden Programme inklusive Browser.
Doppelklick auf die .exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Schließe nun den Firefox falls geöffnet
Bestätige die Frage mit Ja.
Klicke auf weiter.
Wenn der Scan beendet wurde, erstellt das Tool eine GooredLog.
Diese ist auch auf Deinem Desktop zu finden.

Poste mir bitte den Inhalt der GooredLog.txt

Schritt # 5: ComboFix umbenannt ausführen

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von dem aufgeführten Link herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

BleepingComputer - InfoSpyware

Firefox User:
Bitte folgende Einstellung vornehmen. Extras --> Einstellungen --> Reiter Allgemein und hacke
Jedesmal nachfragen wo eine Datei gespeichert werden soll an. Übernehmen --> OK.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

Schritt # 6: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des TDSS Killers ,

das Logfile von GooredFix und

das Logfile von ComboFix.

RealSnapshot · 17.02.2011, 17:45

2011/02/17 17:39:56.0068 2220 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/17 17:39:56.0388 2220 ================================================================================
2011/02/17 17:39:56.0388 2220 SystemInfo:
2011/02/17 17:39:56.0388 2220
2011/02/17 17:39:56.0388 2220 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/17 17:39:56.0388 2220 Product type: Workstation
2011/02/17 17:39:56.0388 2220 ComputerName: SNAPSHOT-PC
2011/02/17 17:39:56.0388 2220 UserName: Snapshot
2011/02/17 17:39:56.0388 2220 Windows directory: C:\Windows
2011/02/17 17:39:56.0388 2220 System windows directory: C:\Windows
2011/02/17 17:39:56.0388 2220 Processor architecture: Intel x86
2011/02/17 17:39:56.0388 2220 Number of processors: 2
2011/02/17 17:39:56.0388 2220 Page size: 0x1000
2011/02/17 17:39:56.0388 2220 Boot type: Normal boot
2011/02/17 17:39:56.0388 2220 ================================================================================
2011/02/17 17:39:56.0728 2220 Initialize success
2011/02/17 17:40:03.0988 1264 ================================================================================
2011/02/17 17:40:03.0988 1264 Scan started
2011/02/17 17:40:03.0988 1264 Mode: Manual;
2011/02/17 17:40:03.0988 1264 ================================================================================
2011/02/17 17:40:05.0388 1264 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/17 17:40:05.0408 1264 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/17 17:40:05.0448 1264 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/17 17:40:05.0538 1264 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/17 17:40:05.0568 1264 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/17 17:40:05.0608 1264 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/17 17:40:05.0658 1264 AFD (4ef3e20f44905b7f8f0565aec86f64d3) C:\Windows\system32\drivers\afd.sys
2011/02/17 17:40:05.0658 1264 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 4ef3e20f44905b7f8f0565aec86f64d3, Fake md5: ddc040fdb01ef1712a6b13e52afb104c
2011/02/17 17:40:05.0658 1264 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/17 17:40:05.0698 1264 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/17 17:40:05.0738 1264 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/02/17 17:40:05.0758 1264 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/17 17:40:05.0788 1264 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/02/17 17:40:05.0798 1264 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/17 17:40:05.0838 1264 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/17 17:40:05.0868 1264 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/17 17:40:05.0908 1264 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/17 17:40:05.0928 1264 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/17 17:40:05.0948 1264 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/17 17:40:05.0998 1264 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/02/17 17:40:06.0058 1264 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/02/17 17:40:06.0088 1264 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/17 17:40:06.0108 1264 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/17 17:40:06.0138 1264 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/17 17:40:06.0188 1264 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/17 17:40:06.0228 1264 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/02/17 17:40:06.0248 1264 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/02/17 17:40:06.0308 1264 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/02/17 17:40:06.0348 1264 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/02/17 17:40:06.0398 1264 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/02/17 17:40:06.0448 1264 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/17 17:40:06.0498 1264 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/17 17:40:06.0528 1264 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/17 17:40:06.0548 1264 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/17 17:40:06.0588 1264 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/02/17 17:40:06.0618 1264 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/17 17:40:06.0638 1264 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/17 17:40:06.0658 1264 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/17 17:40:06.0688 1264 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/17 17:40:06.0738 1264 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/17 17:40:06.0768 1264 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/17 17:40:06.0830 1264 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/17 17:40:06.0877 1264 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\Windows\system32\DRIVERS\cledx.sys
2011/02/17 17:40:06.0924 1264 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/02/17 17:40:06.0955 1264 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/17 17:40:06.0971 1264 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/17 17:40:07.0002 1264 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/02/17 17:40:07.0033 1264 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/17 17:40:07.0064 1264 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/17 17:40:07.0127 1264 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/17 17:40:07.0158 1264 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/02/17 17:40:07.0236 1264 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/02/17 17:40:07.0283 1264 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/02/17 17:40:07.0345 1264 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/02/17 17:40:07.0392 1264 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/02/17 17:40:07.0439 1264 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/17 17:40:07.0517 1264 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/17 17:40:07.0610 1264 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/02/17 17:40:07.0735 1264 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/17 17:40:07.0782 1264 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/17 17:40:07.0813 1264 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/02/17 17:40:07.0875 1264 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/02/17 17:40:07.0938 1264 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/17 17:40:07.0969 1264 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/02/17 17:40:07.0985 1264 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/02/17 17:40:08.0016 1264 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/17 17:40:08.0063 1264 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/02/17 17:40:08.0125 1264 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/02/17 17:40:08.0156 1264 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/17 17:40:08.0187 1264 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/17 17:40:08.0234 1264 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/02/17 17:40:08.0265 1264 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/17 17:40:08.0281 1264 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/17 17:40:08.0343 1264 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/02/17 17:40:08.0390 1264 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/17 17:40:08.0406 1264 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/17 17:40:08.0437 1264 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/17 17:40:08.0468 1264 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/17 17:40:08.0531 1264 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/17 17:40:08.0593 1264 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/17 17:40:08.0624 1264 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/02/17 17:40:08.0702 1264 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/17 17:40:08.0733 1264 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/17 17:40:08.0780 1264 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/17 17:40:08.0811 1264 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/17 17:40:08.0843 1264 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/17 17:40:08.0874 1264 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/17 17:40:08.0905 1264 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/17 17:40:08.0936 1264 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/17 17:40:08.0967 1264 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/02/17 17:40:08.0999 1264 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/02/17 17:40:09.0014 1264 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/17 17:40:09.0045 1264 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/17 17:40:09.0077 1264 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/17 17:40:09.0123 1264 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/17 17:40:09.0186 1264 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/17 17:40:09.0217 1264 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/17 17:40:09.0264 1264 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/17 17:40:09.0311 1264 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/17 17:40:09.0342 1264 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/17 17:40:09.0357 1264 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/17 17:40:09.0389 1264 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/17 17:40:09.0420 1264 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/02/17 17:40:09.0467 1264 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/17 17:40:09.0498 1264 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/17 17:40:09.0545 1264 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/02/17 17:40:09.0576 1264 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/17 17:40:09.0607 1264 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/17 17:40:09.0669 1264 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/17 17:40:09.0701 1264 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/02/17 17:40:09.0732 1264 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/17 17:40:09.0747 1264 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/17 17:40:09.0779 1264 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/02/17 17:40:09.0825 1264 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/17 17:40:09.0888 1264 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/17 17:40:09.0935 1264 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/17 17:40:09.0981 1264 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/17 17:40:10.0013 1264 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/17 17:40:10.0044 1264 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/02/17 17:40:10.0091 1264 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/17 17:40:10.0106 1264 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/17 17:40:10.0153 1264 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/17 17:40:10.0184 1264 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/17 17:40:10.0200 1264 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/02/17 17:40:10.0231 1264 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/02/17 17:40:10.0262 1264 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/17 17:40:10.0278 1264 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/02/17 17:40:10.0309 1264 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/17 17:40:10.0325 1264 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/02/17 17:40:10.0387 1264 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/17 17:40:10.0465 1264 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/02/17 17:40:10.0496 1264 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/17 17:40:10.0527 1264 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/17 17:40:10.0590 1264 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/17 17:40:10.0637 1264 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/17 17:40:10.0699 1264 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/02/17 17:40:10.0730 1264 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/17 17:40:10.0793 1264 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/17 17:40:10.0871 1264 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/17 17:40:10.0933 1264 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/02/17 17:40:10.0980 1264 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/17 17:40:11.0058 1264 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/02/17 17:40:11.0105 1264 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/02/17 17:40:11.0370 1264 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/17 17:40:11.0729 1264 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/17 17:40:11.0744 1264 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/17 17:40:11.0791 1264 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/17 17:40:11.0822 1264 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/17 17:40:11.0869 1264 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/02/17 17:40:11.0916 1264 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/02/17 17:40:11.0947 1264 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/02/17 17:40:11.0978 1264 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/02/17 17:40:12.0009 1264 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/17 17:40:12.0041 1264 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/17 17:40:12.0056 1264 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/02/17 17:40:12.0087 1264 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/02/17 17:40:12.0306 1264 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/17 17:40:12.0337 1264 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/02/17 17:40:12.0384 1264 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/17 17:40:12.0446 1264 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/17 17:40:12.0509 1264 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/17 17:40:12.0540 1264 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/17 17:40:12.0555 1264 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/17 17:40:12.0587 1264 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/17 17:40:12.0649 1264 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/17 17:40:12.0711 1264 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/17 17:40:12.0743 1264 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/17 17:40:12.0789 1264 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/17 17:40:12.0836 1264 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/17 17:40:12.0883 1264 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/17 17:40:12.0914 1264 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/02/17 17:40:12.0945 1264 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/17 17:40:12.0992 1264 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/17 17:40:13.0039 1264 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/02/17 17:40:13.0101 1264 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/02/17 17:40:13.0179 1264 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/17 17:40:13.0226 1264 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/02/17 17:40:13.0273 1264 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/02/17 17:40:13.0304 1264 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/17 17:40:13.0335 1264 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/17 17:40:13.0382 1264 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/17 17:40:13.0460 1264 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/17 17:40:13.0507 1264 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/02/17 17:40:13.0538 1264 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/17 17:40:13.0569 1264 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/17 17:40:13.0601 1264 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/17 17:40:13.0632 1264 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/17 17:40:13.0647 1264 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/17 17:40:13.0679 1264 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/02/17 17:40:13.0710 1264 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/17 17:40:13.0741 1264 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/17 17:40:13.0772 1264 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/02/17 17:40:13.0819 1264 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/02/17 17:40:13.0897 1264 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/02/17 17:40:13.0944 1264 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/17 17:40:13.0991 1264 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/17 17:40:14.0037 1264 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/17 17:40:14.0100 1264 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/02/17 17:40:14.0162 1264 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/17 17:40:14.0209 1264 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/02/17 17:40:14.0225 1264 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/02/17 17:40:14.0256 1264 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/17 17:40:14.0349 1264 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/02/17 17:40:14.0427 1264 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/17 17:40:14.0459 1264 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/17 17:40:14.0490 1264 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/02/17 17:40:14.0521 1264 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/02/17 17:40:14.0552 1264 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/17 17:40:14.0599 1264 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/17 17:40:14.0677 1264 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/17 17:40:14.0724 1264 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/17 17:40:14.0739 1264 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/17 17:40:14.0771 1264 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/17 17:40:14.0817 1264 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/17 17:40:14.0849 1264 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/17 17:40:14.0911 1264 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/17 17:40:14.0973 1264 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/02/17 17:40:15.0020 1264 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/17 17:40:15.0083 1264 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/17 17:40:15.0114 1264 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/17 17:40:15.0145 1264 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/17 17:40:15.0223 1264 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/17 17:40:15.0254 1264 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/17 17:40:15.0285 1264 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/17 17:40:15.0301 1264 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/17 17:40:15.0379 1264 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/17 17:40:15.0410 1264 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/17 17:40:15.0426 1264 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/02/17 17:40:15.0473 1264 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/17 17:40:15.0519 1264 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/02/17 17:40:15.0535 1264 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/02/17 17:40:15.0566 1264 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/17 17:40:15.0597 1264 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/02/17 17:40:15.0613 1264 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/02/17 17:40:15.0644 1264 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/17 17:40:15.0675 1264 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/02/17 17:40:15.0707 1264 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/17 17:40:15.0753 1264 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/17 17:40:15.0769 1264 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/02/17 17:40:15.0816 1264 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/17 17:40:15.0847 1264 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/17 17:40:15.0878 1264 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/17 17:40:15.0925 1264 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/02/17 17:40:15.0956 1264 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/17 17:40:16.0019 1264 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/17 17:40:16.0050 1264 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/02/17 17:40:16.0128 1264 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/17 17:40:16.0159 1264 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/17 17:40:16.0221 1264 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/17 17:40:16.0253 1264 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/02/17 17:40:16.0315 1264 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/17 17:40:16.0377 1264 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
2011/02/17 17:40:16.0424 1264 ================================================================================
2011/02/17 17:40:16.0424 1264 Scan finished
2011/02/17 17:40:16.0424 1264 ================================================================================
2011/02/17 17:40:16.0424 3964 Detected object count: 1
2011/02/17 17:40:37.0843 3964 AFD (4ef3e20f44905b7f8f0565aec86f64d3) C:\Windows\system32\drivers\afd.sys
2011/02/17 17:40:37.0843 3964 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 4ef3e20f44905b7f8f0565aec86f64d3, Fake md5: ddc040fdb01ef1712a6b13e52afb104c
2011/02/17 17:40:38.0015 3964 Backup copy found, using it..
2011/02/17 17:40:38.0046 3964 C:\Windows\system32\drivers\afd.sys - will be cured after reboot
2011/02/17 17:40:38.0046 3964 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/02/17 17:40:41.0961 0204 Deinitialize success

RealSnapshot · 17.02.2011, 17:48

Goored stürzt leider sekunden nach dem starten ab

RealSnapshot · 17.02.2011, 17:59

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-02-16.05 - Snapshot 17.02.2011  17:51:52.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2046.1306 [GMT 1:00]
ausgeführt von:: c:\users\Snapshot\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bumbumbumx.exe
c:\bumbumbumx.exe\config.bin
c:\programdata\Desktop
c:\users\Snapshot\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\users\Snapshot\AppData\Roaming\Adobe\plugs
c:\users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Defragmenter
c:\users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Defragmenter\Uninstall Win Defragmenter.lnk
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\plugs
c:\windows\system32\msvcsv60.dll
c:\windows\system32\test.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-17 bis 2011-02-17  ))))))))))))))))))))))))))))))
.

2011-02-16 20:39 . 2011-02-16 20:39	--------	d-----w-	c:\program files\ERUNT
2011-02-14 18:05 . 2011-02-14 18:18	--------	d-----w-	c:\users\Snapshot\AppData\Roaming\IrfanView
2011-02-01 00:39 . 2010-10-16 04:34	573440	----a-w-	c:\windows\system32\odbc32.dll
2011-02-01 00:39 . 2010-10-16 04:33	372736	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-02-01 00:39 . 2010-10-16 04:33	352256	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-02-01 00:39 . 2010-10-16 04:33	987136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-02-01 00:39 . 2010-10-16 04:33	208896	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-02-01 00:28 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{808CACE0-A12C-4B2D-BF17-5BCB061E18EC}\mpengine.dll
2011-01-21 18:02 . 2011-01-21 18:02	--------	d-----w-	c:\users\Snapshot\AppData\Local\CPN
2011-01-21 18:02 . 2011-02-10 15:41	--------	d---a-w-	c:\program files\Cake Poker 2.0
2011-01-19 23:28 . 2011-01-19 23:29	--------	d-----w-	c:\users\Snapshot\AppData\Roaming\Absolute Poker
2011-01-19 23:26 . 2011-01-25 18:10	--------	d-----w-	c:\program files\PokerStars

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-17 16:41 . 2009-07-13 23:12	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2011-02-03 16:37 . 2010-12-01 21:04	0	----a-w-	c:\users\Snapshot\AppData\Local\Fvoxo.bin
2011-02-02 21:16 . 2010-12-20 15:14	0	----a-w-	c:\windows\system32\config\systemprofile\AppData\Local\Fvoxo.bin
2010-12-21 18:06 . 2010-12-21 18:06	338944	----a-w-	c:\windows\system32\drivers\piyyccuw.sys
2010-12-20 17:09 . 2010-07-27 16:20	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-07-27 16:20	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

c:\users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-27 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S2 postgresql-8.4;PostgreSQL Server 8.4;D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D D:/PostgreSQL/8.4/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2009-05-07 265088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-poihshhshs.exe - c:\poihshhshs.exe\poihshhshs.exe
HKU-Default-Run-jleEjKNDDi.exe - c:\programdata\jleEjKNDDi.exe
SafeBoot-klmdb.sys



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"D:/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"D:/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3317371749-1309394021-977734300-1001\Software\SecuROM\License information*]
"datasecu"=hex:7d,9b,13,77,c8,6e,6a,bf,ac,1a,b4,cf,15,4c,81,0a,2f,81,fd,0e,36,
   cb,19,73,19,99,c6,f4,4c,a4,42,a0,19,30,72,3a,37,4e,da,34,51,ad,b6,74,f0,dc,\
"rkeysecu"=hex:45,a9,36,54,d5,35,20,2d,c8,20,51,00,5b,85,0a,5d

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-02-17  17:59:12
ComboFix-quarantined-files.txt  2011-02-17 16:59

Vor Suchlauf: 15 Verzeichnis(se), 50.307.399.680 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 50.160.521.216 Bytes frei

- - End Of File - - 257CA5756A0DE032C3D952A46BD19A37

--- --- ---

M-K-D-B · 18.02.2011, 14:06

Hallo RealSnapshot,

Schritt # 1: Kontrolle mit VirusTotal
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen
Kopiere nun folgendes in die Suchleiste.
Code:
ATTFilter
```
c:\windows\system32\drivers\piyyccuw.sys
         
```
und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Schritt # 2: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Ergebnis von VirusTotal.

RealSnapshot · 19.02.2011, 02:13

hxxp://www.virustotal.com/file-scan/report.html?id=bf17e91bbb85a04f1eef580cd006101332cde5b876a0d04c6932f30707bb184f-1298077467

M-K-D-B · 19.02.2011, 12:45

Hallo RealSnapshot,

Schritt # 1: CFScript mit ComboFix ausführen
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

http://www.trojaner-board.de/95746-trojaner-immer-wieder.html#post621531

Driver::
piyyccuw

File::
C:\Users\Snapshot\AppData\Local\Fvoxo.bin
c:\windows\system32\config\systemprofile\AppData\Local\Fvoxo.bin
c:\windows\system32\drivers\piyyccuw.sys

Collect::
C:\Users\Snapshot\AppData\Local\Knomiweloha.dat
c:\programdata\jleEjKNDDi.exe

Folder::
C:\Users\Snapshot\AppData\Local\{83DEA7B3-5F29-4BF8-971A-4CA86AEEC008}
C:\Users\Snapshot\AppData\Local\{DD232FC9-CEF8-4477-B24E-608D284A09C8}
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{80D142C9-76DE-4C50-A57C-7FBFCB8666EB}
C:\Program Files\plOrkBAG
c:\poihshhshs.exe
C:\kfdpfsdfusr 

Registry::
[HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions]
"{83DEA7B3-5F29-4BF8-971A-4CA86AEEC008}" =-
"{DD232FC9-CEF8-4477-B24E-608D284A09C8}" =-
"{80D142C9-76DE-4C50-A57C-7FBFCB8666EB}" =-

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt # 2: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 3: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile von ComboFix und

die beiden Logfiles von OTL (OTL.txt und Extras.txt).

RealSnapshot · 20.02.2011, 18:52

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-02-19.02 - Snapshot 20.02.2011  18:43:25.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2046.1335 [GMT 1:00]
ausgeführt von:: c:\users\Snapshot\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Snapshot\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
"c:\users\Snapshot\AppData\Local\Fvoxo.bin"
"c:\windows\system32\config\systemprofile\AppData\Local\Fvoxo.bin"
"c:\windows\system32\drivers\piyyccuw.sys"

file zipped: c:\users\Snapshot\AppData\Local\Knomiweloha.dat
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kfdpfsdfusr
c:\kfdpfsdfusr\config.bin
c:\users\Snapshot\AppData\Local\Fvoxo.bin
c:\users\Snapshot\AppData\Local\Knomiweloha.dat
c:\windows\system32\config\systemprofile\AppData\Local\Fvoxo.bin
c:\windows\system32\drivers\piyyccuw.sys

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-20 bis 2011-02-20  ))))))))))))))))))))))))))))))
.

2011-02-20 17:49 . 2011-02-20 17:49	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-20 17:49 . 2011-02-20 17:49	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-02-20 17:49 . 2011-02-20 17:49	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2011-02-20 17:49 . 2011-02-20 17:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-18 20:03 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E92418ED-C513-4164-B99A-659CA62542E4}\mpengine.dll
2011-02-16 20:39 . 2011-02-16 20:39	--------	d-----w-	c:\program files\ERUNT
2011-02-14 18:05 . 2011-02-14 18:18	--------	d-----w-	c:\users\Snapshot\AppData\Roaming\IrfanView
2011-02-01 00:39 . 2010-10-16 04:34	573440	----a-w-	c:\windows\system32\odbc32.dll
2011-02-01 00:39 . 2010-10-16 04:33	372736	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-02-01 00:39 . 2010-10-16 04:33	352256	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-02-01 00:39 . 2010-10-16 04:33	987136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-02-01 00:39 . 2010-10-16 04:33	208896	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-21 18:02 . 2011-01-21 18:02	--------	d-----w-	c:\users\Snapshot\AppData\Local\CPN
2011-01-21 18:02 . 2011-02-10 15:41	--------	d---a-w-	c:\program files\Cake Poker 2.0

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-17 16:41 . 2009-07-13 23:12	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2011-02-02 16:11 . 2009-10-14 02:21	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-12-20 17:09 . 2010-07-27 16:20	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-07-27 16:20	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

c:\users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-27 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S2 postgresql-8.4;PostgreSQL Server 8.4;D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D D:/PostgreSQL/8.4/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2009-05-07 265088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - CFCATCHME
*Deregistered* - CFcatchme
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"D:/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"D:/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3317371749-1309394021-977734300-1001\Software\SecuROM\License information*]
"datasecu"=hex:7d,9b,13,77,c8,6e,6a,bf,ac,1a,b4,cf,15,4c,81,0a,2f,81,fd,0e,36,
   cb,19,73,19,99,c6,f4,4c,a4,42,a0,19,30,72,3a,37,4e,da,34,51,ad,b6,74,f0,dc,\
"rkeysecu"=hex:45,a9,36,54,d5,35,20,2d,c8,20,51,00,5b,85,0a,5d

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-02-20  18:51:15
ComboFix-quarantined-files.txt  2011-02-20 17:51
ComboFix2.txt  2011-02-17 16:59

Vor Suchlauf: 17 Verzeichnis(se), 50.723.737.600 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 50.574.258.176 Bytes frei

- - End Of File - - 01D6671E9FC6695FE3CD13A6766C3028

--- --- ---

RealSnapshot · 20.02.2011, 18:54

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.02.2011 18:52:53 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Snapshot\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,74 Gb Total Space | 47,16 Gb Free Space | 68,61% Space Free | Partition Type: NTFS
Drive D: | 50,01 Gb Total Space | 18,98 Gb Free Space | 37,95% Space Free | Partition Type: NTFS
Drive E: | 114,14 Gb Total Space | 39,43 Gb Free Space | 34,54% Space Free | Partition Type: NTFS
 
Computer Name: SNAPSHOT-PC | User Name: Snapshot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.02.20 18:52:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Snapshot\Downloads\OTL.exe
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe
PRC - [2010.12.14 21:55:59 | 000,910,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.08.20 20:45:26 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- D:\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- D:\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.07 02:01:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.08 16:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.20 18:52:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Snapshot\Downloads\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (TeamViewer5)
SRV - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- D:\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.01.08 16:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2010.07.27 23:40:47 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.12.09 17:35:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.13 22:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 02:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.01 23:05:32 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 FC 8D E1 22 60 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.14 21:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.14 21:56:00 | 000,000,000 | ---D | M]
 
[2009.11.08 04:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Extensions
[2011.02.20 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\rmejjtr4.default\extensions
[2011.01.03 19:50:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\rmejjtr4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.29 15:39:29 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\rmejjtr4.default\extensions\vshare@toolbar
[2011.02.14 08:13:40 | 000,000,961 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\searchplugins\icqplugin-1.xml
[2010.12.14 21:56:09 | 000,000,961 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\searchplugins\icqplugin-2.xml
[2011.01.03 19:38:54 | 000,000,961 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\searchplugins\icqplugin-3.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\rmejjtr4.default\searchplugins\icqplugin.xml
[2011.02.20 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.22 09:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009.11.22 21:40:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.07.22 09:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.09.09 20:28:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 20:28:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.09 20:28:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.09 20:28:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.09 20:28:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.20 18:49:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} -  File not found
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.20 18:51:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.02.20 18:51:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.02.20 18:41:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.20 18:41:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.17 23:19:19 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.17 23:19:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.17 23:19:15 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.17 23:19:11 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.17 23:19:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.17 23:19:11 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.17 23:19:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.17 23:19:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.17 23:19:11 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.17 23:19:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.17 23:19:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.17 23:19:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.17 23:19:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.17 23:19:10 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.17 23:19:09 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.17 23:19:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.17 23:19:08 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.17 23:19:08 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.17 17:49:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.17 17:49:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.17 17:49:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.17 17:46:30 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Desktop\GooredFix Backups
[2011.02.17 17:46:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Snapshot\Desktop\GooredFix.exe
[2011.02.16 22:06:17 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Desktop\new beats
[2011.02.16 21:39:51 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.02.16 21:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.02.16 21:24:06 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Desktop\MFTools
[2011.02.14 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Real
[2011.02.14 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\IrfanView
[2011.02.01 01:39:54 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.27 22:31:32 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.01.27 17:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2011.01.21 19:02:55 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\CPN
[2011.01.21 19:02:51 | 000,000,000 | ---D | C] -- C:\Programme\Cake Poker 2.0
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.20 18:49:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.02.20 18:43:16 | 000,001,279 | ---- | M] () -- C:\CF-Submit.htm
[2011.02.20 18:29:07 | 004,271,240 | R--- | M] () -- C:\Users\Snapshot\Desktop\ComboFix.exe
[2011.02.20 18:16:35 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 18:16:35 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 18:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.20 18:11:16 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.18 15:16:31 | 000,304,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.17 17:46:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Snapshot\Desktop\GooredFix.exe
[2011.02.17 17:00:27 | 003,145,985 | ---- | M] () -- C:\Users\Snapshot\Desktop\IMG_0032.JPG
[2011.02.17 17:00:04 | 004,121,226 | ---- | M] () -- C:\Users\Snapshot\Desktop\IMG_0033.JPG
[2011.02.16 21:39:54 | 000,001,074 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.02.16 21:39:51 | 000,000,894 | ---- | M] () -- C:\Users\Snapshot\Desktop\NTREGOPT.lnk
[2011.02.16 21:39:51 | 000,000,875 | ---- | M] () -- C:\Users\Snapshot\Desktop\ERUNT.lnk
[2011.02.16 21:27:01 | 000,000,176 | ---- | M] () -- C:\Users\Snapshot\defogger_reenable
[2011.02.16 21:24:25 | 000,296,448 | ---- | M] () -- C:\Users\Snapshot\Desktop\g2m3e4r.exe
[2011.02.16 16:20:49 | 000,079,300 | ---- | M] () -- C:\Users\Snapshot\Desktop\IMG_0030.JPG
[2011.02.14 19:03:33 | 000,066,973 | ---- | M] () -- C:\Users\Snapshot\Desktop\IMG_0031.JPG
[2011.02.14 18:54:36 | 001,626,367 | ---- | M] () -- C:\Users\Snapshot\Desktop\IMG_0024.JPG
[2011.02.14 18:23:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.02.03 19:23:44 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.03 19:23:44 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.03 19:23:44 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.03 19:23:44 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2011.02.20 18:43:16 | 000,001,279 | ---- | C] () -- C:\CF-Submit.htm
[2011.02.20 18:28:44 | 004,271,240 | R--- | C] () -- C:\Users\Snapshot\Desktop\ComboFix.exe
[2011.02.17 17:49:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.17 17:49:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.17 17:49:52 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.17 17:49:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.17 17:49:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.17 17:00:04 | 004,121,226 | ---- | C] () -- C:\Users\Snapshot\Desktop\IMG_0033.JPG
[2011.02.17 17:00:04 | 003,145,985 | ---- | C] () -- C:\Users\Snapshot\Desktop\IMG_0032.JPG
[2011.02.16 21:39:54 | 000,001,074 | ---- | C] () -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.02.16 21:39:51 | 000,000,894 | ---- | C] () -- C:\Users\Snapshot\Desktop\NTREGOPT.lnk
[2011.02.16 21:39:51 | 000,000,875 | ---- | C] () -- C:\Users\Snapshot\Desktop\ERUNT.lnk
[2011.02.16 21:26:44 | 000,000,176 | ---- | C] () -- C:\Users\Snapshot\defogger_reenable
[2011.02.16 21:24:24 | 000,296,448 | ---- | C] () -- C:\Users\Snapshot\Desktop\g2m3e4r.exe
[2011.02.14 19:03:33 | 000,079,300 | ---- | C] () -- C:\Users\Snapshot\Desktop\IMG_0030.JPG
[2011.02.14 19:03:33 | 000,066,973 | ---- | C] () -- C:\Users\Snapshot\Desktop\IMG_0031.JPG
[2011.02.14 18:54:36 | 001,626,367 | ---- | C] () -- C:\Users\Snapshot\Desktop\IMG_0024.JPG
[2011.02.14 18:23:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.21 18:05:30 | 000,000,171 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.10.11 17:11:04 | 000,000,000 | ---- | C] () -- C:\Users\Snapshot\AppData\Local\googleupdate.log
[2010.05.03 21:01:47 | 000,023,552 | ---- | C] () -- C:\Users\Snapshot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.06 16:43:24 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.06 16:43:24 | 000,138,056 | ---- | C] () -- C:\Users\Snapshot\AppData\Roaming\PnkBstrK.sys
[2009.12.05 20:19:29 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS5y.DLL
[2009.11.22 15:04:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.09 17:46:07 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009.10.31 02:56:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID

< End of report >

--- --- ---

RealSnapshot · 20.02.2011, 18:55

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.02.2011 18:52:53 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Snapshot\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,74 Gb Total Space | 47,16 Gb Free Space | 68,61% Space Free | Partition Type: NTFS
Drive D: | 50,01 Gb Total Space | 18,98 Gb Free Space | 37,95% Space Free | Partition Type: NTFS
Drive E: | 114,14 Gb Total Space | 39,43 Gb Free Space | 34,54% Space Free | Partition Type: NTFS
 
Computer Name: SNAPSHOT-PC | User Name: Snapshot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Snapshot\AppData\Local\Temp\0.05781891540641315.exe" = C:\Users\Snapshot\AppData\Local\Temp\0.05781891540641315.exe:*:Enabled:ldrsoft
"C:\Users\Snapshot\AppData\Roaming\download2\svcnost.exe" = C:\Users\Snapshot\AppData\Roaming\download2\svcnost.exe:*:Enabled:ldrsoft
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{311EEFFE-8354-42D8-B2A0-A0666689F69F}" = Alesis io|2 ASIO Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5DD152A8-BFB3-439E-90CD-5C00C2116E23}" = AmpliTube 3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FCCC8D1-3152-4699-8793-6CB0B9E26EBB}" = Miroslav Philharmonik Instruments
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{BA0D0121-A3BA-487D-9C78-7AB0E676C722}" = Miroslav Philharmonik
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"DivX Setup.divx.com" = DivX-Setup
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 8" = FL Studio 8
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HoldemManager" = Holdem Manager
"HS2_is1" = Steinberg Hypersonic 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"Native Instruments FM8" = Native Instruments FM8
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PostgreSQL 8.4" = PostgreSQL 8.4
"PunkBusterSvc" = PunkBuster Services
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 2.00
"SopCast" = SopCast 3.2.9
"Soulseek2" = SoulSeek 157 NS 13e
"STANDARD" = Microsoft Office Standard 2007
"StarCraft II" = StarCraft II
"Steinberg Hypersonic VSTi DXi_is1" = Steinberg Hypersonic VSTi DXi v2.0
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Two Worlds II" = Two Worlds II
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XBCD" = XBCD 1.03
"Zero-X BeatSlicer" = Zero-X BeatSlicer
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

M-K-D-B · 20.02.2011, 19:37

Hallo RealSnapshot,

Schritt # 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Snapshot\AppData\Local\Temp\0.05781891540641315.exe" =- 
"C:\Users\Snapshot\AppData\Roaming\download2\svcnost.exe" =-

:Commands
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 2: Java deinstallieren/neu installieren
Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und Remove Sun Download Manager.
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java (Java Runtime Environment (JRE) 6 Update 24) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

Schritt # 3: Wichtige Updates
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan.
Als alternative würde ich dir den schlankeren Foxit Reader empfehlen

Schritt # 4: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)

Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Suchlauf durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt # 5: ESET Online Scanner
Bitte während des Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threads kein Haken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

Schritt # 6: Durchführung einer Sicherheitskontrolle
Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

Schritt # 7: Fragen beantworten
Bitte beantworte uns folgende Fragen:

Warum hast du heute die Host-Datei neu erstellt?

Zitat:

O1 HOSTS File: ([2011.02.20 18:49:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
Es war nicht nötig, OTL erneut herunterzuladen. Stattedessen hättest du die Datei aus dem Ordner MFTools verwenden können.
Wie läuft dein Rechner derzeit? Hast du noch Probleme? Wenn ja, beschreibe diese so gut es geht.

Schritt # 8: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des OTL-Fix ,

das Logfile von MBAM,

das Logfile des ESET Online Scanners,

das Logfile von SecurityCheck und

die Beantwortung der gestellten Fragen.

RealSnapshot · 21.02.2011, 20:43

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Snap shot\AppData\Local\Temp\0.05781891540641315.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Snap shot\AppData\Roaming\download2\svcnost.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Snapshot
->Temp folder emptied: 782882 bytes
->Temporary Internet Files folder emptied: 4325169 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73944333 bytes
->Flash cache emptied: 4454 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02212011_203916

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Trojaner immer wieder

Plagegeister aller Art und deren Bekämpfung: Trojaner immer wieder