SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten)

Hustensaft · 24.05.2011, 17:59

Hallo,

vor kurzem ist mir aufgefallen, dass sich antivir nicht mehr updaten läßt.
Ich habe dann u.a. eine antivir-rescue-disk gebootet und den spyeyes-trojaner gefunden und deleted. Alle caches (Java, Temp, Temporäre Internetdateien sind geleert).
Danach habe ich Malwarebytes laufen lassen (2.Log) und noch einen Adware-agent gefunden.

Antivir kann ich immer noch nicht updaten. Wenn ich GMER laufen lassen möchte, stürzt der Rechner ab. Über eure Hilfe würde ich mich sehr freuen.

Der antivir - Log:

Zitat:

Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.4.242
VDF Version: 7.11.8.107
Scan start time: Mon May 23 23:16:35 2011
configuration file: /etc/avira/scancl.conf

ALERT: [Java/Dldr.Arch.A] /media/Devices/sda1/Documents and Settings/Martin/Application Data/Sun/Java/Deployment/cache/6.0/12/3cc664c-6c7ae634 <<< Contains signature of the Java virus JAVA/Dldr.Arch.A [renamed]

ALERT: [TR/Spy.SpyEyes.gwd] /media/Devices/sda1/Documents and Settings/Martin/Application Data/Sun/Java/Deployment/cache/6.0/56/30b8cfb8-638ae732 <<< Is the Trojan horse TR/Spy.SpyEyes.gwd [renamed]

ALERT: [TR/Spy.SpyEyes.gwd] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temp/0.501756909366432.exe <<< Is the Trojan horse TR/Spy.SpyEyes.gwd [renamed]

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/0B0LGVCJ/profile_data_1[1].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/0B0LGVCJ/theme[2].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/8167CPO7/images[1].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/Q54PEJS1/theme[1].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/Q54PEJS1/theme[2].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/Q54PEJS1/theme[3].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/Q54PEJS1/theme[4].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/Q54PEJS1/profile_data_1[1].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/Q54PEJS1/forms_data_1[1].zip

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/Local Settings/Temporary Internet Files/Content.IE5/Q54PEJS1/forms_data_1[2].zip

WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Documents and Settings/Martin/My Documents/Downloads/UnitySetup-3.0.0.exe --> ProgramFilesDir/ICSharpCode.SharpZipLib.dll

WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Documents and Settings/Martin/My Documents/Downloads/UnitySetup-3.0.0.exe --> ProgramFilesDir/ICSharpCode.SharpZipLib.dll

WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Documents and Settings/Martin/My Documents/Downloads/UnitySetup-3.0.0.exe --> ProgramFilesDir/ICSharpCode.SharpZipLib.dll

WARNING: [Unexpected end of file] /media/Devices/sda1/Documents and Settings/Martin/My Documents/Downloads/ct1013.zip.001

WARNING: [A malformed archive header was detected] /media/Devices/sda1/Documents and Settings/Martin/My Documents/Downloads/ct1013.zip.002

WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/SpeedFan/uninstall.exe

WARNING: [Unexpected end of file] /media/Devices/sda1/WINDOWS/system32/Macromed/Flash/uninstall_activeX.exe

WARNING: [File is encrypted] /media/Devices/sda5/Downloads/34d7dea57db8e5cca607c8b636a2ec82.rar

WARNING: [The files in archive are multiple volume] /media/Devices/sda5/Downloads/UnitySetup-2.6.1.exe --> ProgramFilesDir/ICSharpCode.SharpZipLib.dll

WARNING: [The files in archive are multiple volume] /media/Devices/sda5/Downloads/fbnames/facebook-names-unique.txt.bz2

WARNING: [Bad compressed data] /media/Devices/sda5/WinLite.iso --> Programme_zum_installieren/LibO_3.3.0_Win_x86_install_multi.exe --> ProgramFilesDir/libreoffice1.cab --> standard4.bau

WARNING: [Bad compressed data] /media/Devices/sda5/WinLite.iso --> Programme_zum_installieren/LibO_3.3.0_Win_x86_install_multi.exe --> ProgramFilesDir/libreoffice1.cab --> template4.bau

Statistics :
Directories............... : 37776
Archives.................. : 9137
Files..................... : 2823426
Infected.............. : 3
Renamed........... : 3
Warnings.............. : 31
Suspicious............ : 0
Infections................ : 3

Dann habe ich Malwarebytes laufen lassen:

Folgender Log:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6658

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24.05.2011 10:19:53
mbam-log-2011-05-24 (10-19-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|)
Durchsuchte Objekte: 350156
Laufzeit: 48 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
f:\system volume information\_restore{b83da741-c247-48bc-b6d4-9fbfead0d7f8}\RP242\A0127966.exe (Adware.Agent) -> Quarantined and deleted successfully.

cosinus · 24.05.2011, 19:32

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Hustensaft · 24.05.2011, 21:07

Hallo,

ich hatte im safe-mode als admin auch nochmal einen Suchlauf gemacht und das kam raus:

Alle anderen log-Dateien (ich habe Malwarebytes einige male laufen lassen) sind leer bzw. ohne Funde.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6658

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

5/24/2011 2:23:10 AM
mbam-log-2011-05-24 (02-23-10).txt

Scan type: Full scan (C:\|F:\|G:\|)
Objects scanned: 348717
Time elapsed: 28 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\Desktop\audioconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

cosinus · 24.05.2011, 21:58

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hustensaft · 24.05.2011, 23:02

Code:

ATTFilter

OTL logfile created on: 24.05.2011 23:50:16 - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\meinname\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3,18 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 82,00% Memory free
5,02 Gb Paging File | 4,42 Gb Available in Paging File | 87,91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 4,44 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive E: | 1,84 Gb Total Space | 0,38 Gb Free Space | 20,83% Space Free | Partition Type: FAT32
Drive F: | 416,64 Gb Total Space | 400,50 Gb Free Space | 96,13% Space Free | Partition Type: NTFS
Drive G: | 297,45 Mb Total Space | 297,41 Mb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTER1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.24 23:01:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\meinname\Desktop\OTL.exe
PRC - [2011.05.14 16:01:13 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.24 23:01:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\meinname\Desktop\OTL.exe
MOD - [2011.05.14 16:05:35 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008.04.14 06:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (XAMPP)
SRV - File not found [On_Demand | Stopped] --  -- (TipCtrl)
SRV - [2011.05.18 02:04:35 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.05.14 16:01:13 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.12.06 23:26:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.14 16:05:32 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011.05.14 16:05:31 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011.05.14 16:05:30 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.09 22:59:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.10 13:16:04 | 000,476,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.11.04 18:15:30 | 004,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.08.19 02:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.18 07:18:44 | 000,093,096 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.31 12:38:00 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.10.30 01:05:58 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008.07.30 16:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2001.08.17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 01:15:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 21:49:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components [2011.03.13 01:23:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins
 
[2011.05.24 01:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011.05.24 01:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7mq58obb.default\extensions
[2011.05.24 11:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.24 18:27:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.04.23 18:55:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011.04.09 03:46:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.09 03:46:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.09 03:46:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.09 03:46:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.09 03:46:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.08.11 08:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 	mpa.one.microsoft.com
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.06 03:56:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WMPNetworkSvc"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {4395D8A7-19B8-34B4-10D9-A60A0111307F} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A9B4B5A5-2F94-153C-1B34-499A1E337ED3} - NetShow
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B4DA0E23-6F62-0669-DEAD-B3AD498C7378} - Dynamic HTML Data Binding for Java
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.24 11:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011.05.24 11:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011.05.24 10:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011.05.24 10:51:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.05.24 10:51:20 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.05.24 10:51:20 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.05.24 10:51:20 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.05.24 10:51:20 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.05.24 10:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011.05.24 01:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en
[2011.05.24 01:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011.05.24 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011.05.24 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011.05.24 01:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011.05.24 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.05.18 18:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en
[2011.05.18 16:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FlashDevelop
[2011.05.18 14:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de
[2011.05.18 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011.05.18 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011.05.18 13:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle
[2011.05.18 12:54:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011.05.18 12:54:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011.05.18 12:54:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011.05.18 12:54:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.05.18 02:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.05.12 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011.05.05 16:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2011.05.05 16:56:03 | 000,055,296 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2011.05.05 16:56:02 | 000,188,416 | ---- | C] (brother) -- C:\WINDOWS\System32\PDRVINST.DLL
[2011.05.05 16:56:02 | 000,081,920 | ---- | C] (brother) -- C:\WINDOWS\System32\BrWebIns.dll
[2011.05.05 16:56:02 | 000,065,536 | ---- | C] (brother) -- C:\WINDOWS\System32\BRWEBUP.EXE
[2011.05.05 16:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011.05.05 16:56:01 | 000,147,456 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2011.05.05 16:56:01 | 000,000,000 | ---D | C] -- C:\Brother
[2011.05.05 16:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2011.05.04 17:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2011.04.29 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\TourDeFlex
[2011.04.28 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2010.11.22 17:54:01 | 000,091,913 | ---- | C] (FlashDevelop.org) -- C:\Program Files\Uninstall.exe
[2010.10.07 21:57:36 | 000,362,496 | ---- | C] (FlashDevelop.org) -- C:\Program Files\FlashDevelop.exe
[2010.10.07 21:57:28 | 001,350,144 | ---- | C] (FlashDevelop.org) -- C:\Program Files\PluginCore.dll
[2010.10.04 08:27:22 | 000,520,704 | ---- | C] (scite.net.ru) -- C:\Program Files\SciLexer.dll
[2010.10.04 08:27:22 | 000,106,496 | ---- | C] (Galos) -- C:\Program Files\Scripting.dll
[2010.10.04 08:27:22 | 000,097,280 | ---- | C] (FlashDevelop.org) -- C:\Program Files\SwfOp.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.24 23:31:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.24 21:26:15 | 000,001,194 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003UA.job
[2011.05.24 12:26:00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003Core.job
[2011.05.24 12:04:38 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\yyh0jcpd.exe
[2011.05.24 10:51:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.05.24 01:39:18 | 046,753,958 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en.zip
[2011.05.24 01:08:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Computer.lnk
[2011.05.23 20:57:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.18 18:13:54 | 000,089,324 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en.zip
[2011.05.18 16:01:21 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Administrator\mm.cfg
[2011.05.18 14:11:55 | 057,679,123 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de.zip
[2011.05.18 13:06:14 | 043,859,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle.zip
[2011.05.18 12:54:53 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2011.05.18 02:17:48 | 052,718,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de(1).exe
[2011.05.18 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTER1-meinname.job
[2011.05.14 16:05:35 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011.05.14 16:05:32 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011.05.14 16:05:31 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011.05.14 16:05:31 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011.05.14 16:05:30 | 000,242,472 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011.05.12 16:43:51 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2011.05.05 17:30:08 | 000,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011.05.05 17:26:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011.05.05 16:56:44 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011.05.05 16:56:16 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf05a.dat
[2011.05.04 17:48:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2011.05.04 01:19:54 | 000,000,693 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\os604495.bin
[2011.04.29 20:38:10 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TourDeFlex.lnk
[2011.04.25 18:53:38 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.24 16:18:09 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\yyh0jcpd.exe
[2011.05.24 10:51:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.05.24 01:41:06 | 046,753,958 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en.zip
[2011.05.24 01:08:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Computer.lnk
[2011.05.18 18:16:08 | 000,089,324 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en.zip
[2011.05.18 16:00:47 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Administrator\mm.cfg
[2011.05.18 14:07:41 | 057,679,123 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de.zip
[2011.05.18 13:08:42 | 043,859,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle.zip
[2011.05.18 12:54:53 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2011.05.18 12:54:51 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011.05.18 12:54:51 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011.05.18 02:14:14 | 052,718,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de(1).exe
[2011.05.12 16:43:51 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2011.05.12 16:43:51 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2011.05.05 16:56:44 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011.05.05 16:56:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2011.05.05 16:56:01 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.bmp
[2011.05.04 17:48:32 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Inkscape.lnk
[2011.05.04 17:48:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2011.05.04 01:09:57 | 000,000,693 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\os604495.bin
[2011.04.29 20:38:10 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TourDeFlex.lnk
[2011.04.29 20:38:10 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TourDeFlex.lnk
[2011.02.18 16:26:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.10.04 08:27:22 | 000,145,920 | ---- | C] () -- C:\Program Files\Aga.dll
[2010.10.04 08:27:22 | 000,002,401 | ---- | C] () -- C:\Program Files\FirstRun.fdb
[2010.10.04 08:27:22 | 000,000,255 | ---- | C] () -- C:\Program Files\FlashDevelop.exe.config
[2010.03.10 16:50:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010.02.09 23:18:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.01.28 02:21:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.12.20 22:14:21 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.12.20 22:14:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.12.20 22:14:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009.12.09 21:00:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.12.06 23:02:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.12.06 23:02:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.12.06 23:02:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.12.06 23:02:03 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.12.06 23:02:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2009.12.06 23:02:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.12.06 20:51:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.12.06 20:33:57 | 000,014,640 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009.12.06 11:45:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.12.06 11:44:39 | 003,448,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.06 03:57:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.12.06 03:53:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 13:00:00 | 000,392,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 13:00:00 | 000,058,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.12.06 20:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allnet Driver
[2010.02.09 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010.11.25 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver
[2010.06.08 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011.04.03 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.06.08 01:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.12.06 20:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allnet Driver
[2010.06.08 01:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009.12.07 14:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2011.05.24 10:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011.05.05 16:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2010.02.09 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011.01.17 20:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2010.04.15 19:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010.11.11 01:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.07 01:17:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010.02.09 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010.11.25 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver
[2010.06.08 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009.12.09 20:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.04.23 18:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011.04.03 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.03.01 23:44:10 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java-rmi.exe
[2010.03.01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java.exe
[2010.03.01 23:44:10 | 000,059,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javacpl.exe
[2010.03.01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javaw.exe
[2010.03.01 23:44:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javaws.exe
[2010.03.01 23:44:12 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jbroker.exe
[2010.03.01 23:44:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jp2launcher.exe
[2010.03.01 23:44:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jqs.exe
[2010.03.01 23:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jqsnotify.exe
[2010.03.01 23:44:12 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jucheck.exe
[2010.03.01 23:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jureg.exe
[2010.03.01 23:44:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jusched.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\keytool.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\kinit.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\klist.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\ktab.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\orbd.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\pack200.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\policytool.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\rmid.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\rmiregistry.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\servertool.exe
[2010.03.01 23:44:14 | 000,030,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\ssvagent.exe
[2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\tnameserv.exe
[2010.03.01 23:44:14 | 000,132,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\unpack200.exe
[2008.07.10 20:34:16 | 000,528,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Allnet Driver\Wireless LAN USB Adapter\Driver\RaInst.exe
[2011.05.24 01:15:59 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009.12.10 13:15:54 | 000,533,792 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver\Hama Wireless LAN Adapter\Driver\RaInst.exe
 
Invalid Environment Variable: APPDATA
 
Invalid Environment Variable: APPDATA
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.09 22:59:25 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2009.12.06 11:44:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.12.06 11:44:06 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.12.06 11:44:06 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.11.04 17:45:14 | 000,479,232 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

cosinus · 25.05.2011, 09:09

Bitte Comodo IS deinstallieren und die Windows-Firewall einschalten. Suites und PFWs sind in den allermeisten Fällen kontraproduktiv und kein Sicherheitsgewinn.

Zitat:

Internet Explorer (Version = 6.0.2900.5512)

Besser ist es auf die Aktualität der Programme bzw. des Systems zu achten. IE6 ist ein zehn Jahre alter Browser, sowas geht garnicht mehr! Auch wenn du einen anderen Browser zum Surfen verwendest, sollte der IE so aktuell wie möglich sein.

Um die Updates kümmern wir uns aber später. Deinstallier erst mal Comodo und mach danach ein frisches OTL-Log.

Hustensaft · 25.05.2011, 13:14

Alles klar. Ich habe auch gleich nochmal eine paar Programme deinstalliert, deren trial-version abgelaufen ist.

Code:

ATTFilter

OTL logfile created on: 25.05.2011 14:04:41 - Run 4
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\meinname\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3,18 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 82,34% Memory free
5,02 Gb Paging File | 4,46 Gb Available in Paging File | 88,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 6,75 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
Drive E: | 1,84 Gb Total Space | 0,23 Gb Free Space | 12,68% Space Free | Partition Type: FAT32
Drive F: | 416,64 Gb Total Space | 400,50 Gb Free Space | 96,13% Space Free | Partition Type: NTFS
Drive G: | 297,45 Mb Total Space | 297,38 Mb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTER1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.24 23:01:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\meinname\Desktop\OTL.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.24 23:01:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\meinname\Desktop\OTL.exe
MOD - [2008.04.14 06:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (XAMPP)
SRV - File not found [On_Demand | Stopped] --  -- (TipCtrl)
SRV - [2011.05.18 02:04:35 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.09 22:59:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.10 13:16:04 | 000,476,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.11.04 18:15:30 | 004,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.08.19 02:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.18 07:18:44 | 000,093,096 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.31 12:38:00 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.10.30 01:05:58 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008.07.30 16:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2001.08.17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 01:15:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 21:49:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components [2011.03.13 01:23:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins
 
[2011.05.24 01:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011.05.24 01:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7mq58obb.default\extensions
[2011.05.24 11:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.24 18:27:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.04.23 18:55:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011.04.09 03:46:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.09 03:46:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.09 03:46:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.09 03:46:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.09 03:46:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.08.11 08:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 	mpa.one.microsoft.com
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.06 03:56:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WMPNetworkSvc"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {4395D8A7-19B8-34B4-10D9-A60A0111307F} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A9B4B5A5-2F94-153C-1B34-499A1E337ED3} - NetShow
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B4DA0E23-6F62-0669-DEAD-B3AD498C7378} - Dynamic HTML Data Binding for Java
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.25 10:53:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.25 10:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AdobeTemp
[2011.05.24 11:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011.05.24 11:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011.05.24 10:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011.05.24 10:51:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.05.24 10:51:20 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.05.24 10:51:20 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.05.24 10:51:20 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.05.24 10:51:20 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.05.24 10:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011.05.24 01:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en
[2011.05.24 01:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011.05.24 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011.05.24 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011.05.24 01:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011.05.24 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.05.18 18:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en
[2011.05.18 16:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FlashDevelop
[2011.05.18 14:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de
[2011.05.18 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011.05.18 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011.05.18 13:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle
[2011.05.18 12:54:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011.05.18 12:54:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011.05.18 12:54:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011.05.18 12:54:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.05.18 02:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.05.12 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011.05.05 16:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2011.05.05 16:56:03 | 000,055,296 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2011.05.05 16:56:02 | 000,188,416 | ---- | C] (brother) -- C:\WINDOWS\System32\PDRVINST.DLL
[2011.05.05 16:56:02 | 000,081,920 | ---- | C] (brother) -- C:\WINDOWS\System32\BrWebIns.dll
[2011.05.05 16:56:02 | 000,065,536 | ---- | C] (brother) -- C:\WINDOWS\System32\BRWEBUP.EXE
[2011.05.05 16:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011.05.05 16:56:01 | 000,147,456 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2011.05.05 16:56:01 | 000,000,000 | ---D | C] -- C:\Brother
[2011.05.05 16:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2011.05.04 17:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2011.04.29 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\TourDeFlex
[2011.04.28 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2010.11.22 17:54:01 | 000,091,913 | ---- | C] (FlashDevelop.org) -- C:\Program Files\Uninstall.exe
[2010.10.07 21:57:36 | 000,362,496 | ---- | C] (FlashDevelop.org) -- C:\Program Files\FlashDevelop.exe
[2010.10.07 21:57:28 | 001,350,144 | ---- | C] (FlashDevelop.org) -- C:\Program Files\PluginCore.dll
[2010.10.04 08:27:22 | 000,520,704 | ---- | C] (scite.net.ru) -- C:\Program Files\SciLexer.dll
[2010.10.04 08:27:22 | 000,106,496 | ---- | C] (Galos) -- C:\Program Files\Scripting.dll
[2010.10.04 08:27:22 | 000,097,280 | ---- | C] (FlashDevelop.org) -- C:\Program Files\SwfOp.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.25 13:26:10 | 000,001,194 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003UA.job
[2011.05.25 12:26:00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003Core.job
[2011.05.25 12:09:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.25 12:07:15 | 000,001,658 | ---- | M] () -- C:\WINDOWS\System32\.ini
[2011.05.24 12:04:38 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\yyh0jcpd.exe
[2011.05.24 10:51:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.05.24 01:39:18 | 046,753,958 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en.zip
[2011.05.24 01:08:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Computer.lnk
[2011.05.23 20:57:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.18 18:13:54 | 000,089,324 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en.zip
[2011.05.18 16:01:21 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Administrator\mm.cfg
[2011.05.18 14:11:55 | 057,679,123 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de.zip
[2011.05.18 13:06:14 | 043,859,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle.zip
[2011.05.18 12:54:53 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2011.05.18 02:17:48 | 052,718,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de(1).exe
[2011.05.12 16:43:51 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2011.05.05 17:30:08 | 000,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011.05.05 17:26:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011.05.05 16:56:44 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011.05.05 16:56:16 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf05a.dat
[2011.05.04 17:48:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2011.05.04 01:19:54 | 000,000,693 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\os604495.bin
[2011.04.29 20:38:10 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TourDeFlex.lnk
[2011.04.25 18:53:38 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.25 12:07:15 | 000,001,658 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011.05.24 16:18:09 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\yyh0jcpd.exe
[2011.05.24 10:51:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.05.24 01:41:06 | 046,753,958 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en.zip
[2011.05.24 01:08:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Computer.lnk
[2011.05.18 18:16:08 | 000,089,324 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en.zip
[2011.05.18 16:00:47 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Administrator\mm.cfg
[2011.05.18 14:07:41 | 057,679,123 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de.zip
[2011.05.18 13:08:42 | 043,859,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle.zip
[2011.05.18 12:54:53 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2011.05.18 12:54:51 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011.05.18 12:54:51 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011.05.18 02:14:14 | 052,718,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de(1).exe
[2011.05.12 16:43:51 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2011.05.12 16:43:51 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2011.05.05 16:56:44 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011.05.05 16:56:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2011.05.05 16:56:01 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.bmp
[2011.05.04 17:48:32 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Inkscape.lnk
[2011.05.04 17:48:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2011.05.04 01:09:57 | 000,000,693 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\os604495.bin
[2011.04.29 20:38:10 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TourDeFlex.lnk
[2011.04.29 20:38:10 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TourDeFlex.lnk
[2011.02.18 16:26:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.10.04 08:27:22 | 000,145,920 | ---- | C] () -- C:\Program Files\Aga.dll
[2010.10.04 08:27:22 | 000,002,401 | ---- | C] () -- C:\Program Files\FirstRun.fdb
[2010.10.04 08:27:22 | 000,000,255 | ---- | C] () -- C:\Program Files\FlashDevelop.exe.config
[2010.03.10 16:50:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010.02.09 23:18:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.01.28 02:21:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.12.20 22:14:21 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.12.20 22:14:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.12.20 22:14:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009.12.09 21:00:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.12.06 23:02:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.12.06 23:02:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.12.06 23:02:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.12.06 23:02:03 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.12.06 23:02:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2009.12.06 23:02:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.12.06 20:51:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.12.06 20:33:57 | 000,014,640 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009.12.06 11:45:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.12.06 11:44:39 | 003,448,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.06 03:57:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.12.06 03:53:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 13:00:00 | 000,392,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 13:00:00 | 000,058,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.12.06 20:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allnet Driver
[2010.02.09 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010.11.25 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver
[2010.06.08 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011.04.03 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2011.05.25 11:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.12.06 20:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allnet Driver
[2009.12.07 14:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2011.05.24 10:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011.05.05 16:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2010.02.09 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011.01.17 20:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2010.04.15 19:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010.11.11 01:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.07 01:17:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010.02.09 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010.11.25 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver
[2010.06.08 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009.12.09 20:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.04.23 18:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011.04.03 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008.07.10 20:34:16 | 000,528,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Allnet Driver\Wireless LAN USB Adapter\Driver\RaInst.exe
[2011.05.24 01:15:59 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009.12.10 13:15:54 | 000,533,792 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver\Hama Wireless LAN Adapter\Driver\RaInst.exe
 
Invalid Environment Variable: APPDATA
 
Invalid Environment Variable: APPDATA
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.09 22:59:25 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2009.12.06 11:44:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.12.06 11:44:06 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.12.06 11:44:06 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.11.04 17:45:14 | 000,479,232 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

cosinus · 25.05.2011, 14:29

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2011.05.04 01:09:57 | 000,000,693 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\os604495.bin
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hustensaft · 25.05.2011, 14:45

Code:

ATTFilter

========== OTL ==========
C:\Documents and Settings\All Users\Documents\os604495.bin moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 05252011_154345

cosinus · 25.05.2011, 15:11

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Hustensaft · 25.05.2011, 15:19

Mach ich. Antivir läßt sich übrigens wieder updaten.

Hustensaft · 25.05.2011, 15:25

Code:

ATTFilter

2011/05/25 16:21:33.0156 1248	TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 16:21:33.0218 1248	================================================================================
2011/05/25 16:21:33.0218 1248	SystemInfo:
2011/05/25 16:21:33.0218 1248	
2011/05/25 16:21:33.0218 1248	OS Version: 5.1.2600 ServicePack: 3.0
2011/05/25 16:21:33.0218 1248	Product type: Workstation
2011/05/25 16:21:33.0218 1248	ComputerName: COMPUTER1
2011/05/25 16:21:33.0218 1248	UserName: Martin
2011/05/25 16:21:33.0218 1248	Windows directory: C:\WINDOWS
2011/05/25 16:21:33.0218 1248	System windows directory: C:\WINDOWS
2011/05/25 16:21:33.0218 1248	Processor architecture: Intel x86
2011/05/25 16:21:33.0218 1248	Number of processors: 4
2011/05/25 16:21:33.0218 1248	Page size: 0x1000
2011/05/25 16:21:33.0218 1248	Boot type: Normal boot
2011/05/25 16:21:33.0218 1248	================================================================================
2011/05/25 16:21:34.0640 1248	Initialize success
2011/05/25 16:21:48.0734 4068	================================================================================
2011/05/25 16:21:48.0734 4068	Scan started
2011/05/25 16:21:48.0734 4068	Mode: Manual; 
2011/05/25 16:21:48.0734 4068	================================================================================
2011/05/25 16:21:49.0609 4068	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/25 16:21:49.0921 4068	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/25 16:21:50.0468 4068	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/25 16:21:50.0843 4068	AFD             (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/05/25 16:21:52.0000 4068	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/25 16:21:52.0968 4068	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/25 16:21:53.0171 4068	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/25 16:21:55.0140 4068	ati2mtag        (3a1f64d8b1b6c6387c8c682c30843a38) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/25 16:21:55.0375 4068	AtiHdmiService  (fac04a8e09c8d70594382656d99772a3) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2011/05/25 16:21:55.0546 4068	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/25 16:21:55.0734 4068	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/25 16:21:55.0828 4068	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/25 16:21:56.0015 4068	avgntflt        (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/25 16:21:56.0218 4068	avipbb          (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/25 16:21:56.0406 4068	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/25 16:21:56.0578 4068	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2011/05/25 16:21:56.0765 4068	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/25 16:21:56.0953 4068	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/25 16:21:57.0296 4068	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/25 16:21:57.0500 4068	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/25 16:21:57.0671 4068	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/25 16:21:58.0687 4068	dfmirage        (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
2011/05/25 16:21:58.0875 4068	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/25 16:21:59.0296 4068	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/25 16:21:59.0750 4068	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/25 16:21:59.0921 4068	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/25 16:22:00.0125 4068	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/25 16:22:00.0468 4068	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/25 16:22:00.0687 4068	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/25 16:22:00.0875 4068	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/25 16:22:01.0062 4068	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/25 16:22:01.0234 4068	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/25 16:22:01.0437 4068	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/25 16:22:01.0609 4068	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/25 16:22:01.0812 4068	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/25 16:22:01.0968 4068	giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/05/25 16:22:02.0203 4068	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/25 16:22:02.0421 4068	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/25 16:22:02.0609 4068	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/25 16:22:03.0031 4068	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/25 16:22:03.0546 4068	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/05/25 16:22:03.0750 4068	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/25 16:22:05.0656 4068	IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/25 16:22:06.0000 4068	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/25 16:22:06.0187 4068	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/25 16:22:06.0375 4068	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/25 16:22:06.0546 4068	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/25 16:22:06.0781 4068	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/25 16:22:06.0953 4068	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/25 16:22:07.0187 4068	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/25 16:22:07.0406 4068	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/25 16:22:07.0578 4068	irsir           (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/05/25 16:22:07.0765 4068	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/25 16:22:07.0968 4068	JRAID           (dc8e2779cdf0348a35aaffa3a1bde0c9) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/05/25 16:22:08.0156 4068	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/25 16:22:08.0328 4068	kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/25 16:22:08.0562 4068	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/25 16:22:08.0812 4068	KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/25 16:22:09.0468 4068	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/25 16:22:09.0640 4068	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/25 16:22:09.0828 4068	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/25 16:22:10.0015 4068	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/25 16:22:10.0187 4068	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/25 16:22:10.0578 4068	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/25 16:22:10.0890 4068	MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/25 16:22:11.0125 4068	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/25 16:22:11.0312 4068	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/25 16:22:11.0468 4068	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/25 16:22:11.0640 4068	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/25 16:22:11.0812 4068	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/25 16:22:12.0000 4068	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/25 16:22:12.0218 4068	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/25 16:22:12.0421 4068	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/25 16:22:12.0671 4068	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/25 16:22:12.0843 4068	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/25 16:22:13.0031 4068	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/25 16:22:13.0203 4068	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/25 16:22:13.0406 4068	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/25 16:22:13.0609 4068	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/25 16:22:13.0796 4068	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/25 16:22:14.0015 4068	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/25 16:22:14.0250 4068	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/25 16:22:14.0421 4068	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/25 16:22:14.0765 4068	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/25 16:22:15.0046 4068	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/25 16:22:15.0218 4068	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/25 16:22:15.0406 4068	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/25 16:22:15.0593 4068	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/25 16:22:15.0796 4068	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/25 16:22:15.0984 4068	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/25 16:22:16.0156 4068	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/25 16:22:16.0343 4068	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/25 16:22:16.0718 4068	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/25 16:22:16.0921 4068	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/25 16:22:18.0187 4068	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/25 16:22:18.0390 4068	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/25 16:22:18.0578 4068	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/25 16:22:18.0765 4068	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/25 16:22:19.0718 4068	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/25 16:22:19.0906 4068	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/25 16:22:20.0093 4068	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/25 16:22:20.0281 4068	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/25 16:22:20.0468 4068	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/25 16:22:20.0703 4068	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/25 16:22:20.0875 4068	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/25 16:22:21.0093 4068	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/25 16:22:21.0359 4068	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/25 16:22:21.0593 4068	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/25 16:22:21.0984 4068	rt2870          (5532f69d0a845ffe9d70b9e0392fe50a) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/05/25 16:22:22.0515 4068	RT73            (4ef3f74439aa644bcd8ddc0ed88a5d01) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/05/25 16:22:22.0875 4068	RTLE8023xp      (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/25 16:22:23.0093 4068	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/25 16:22:23.0265 4068	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/25 16:22:23.0453 4068	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/25 16:22:23.0640 4068	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/25 16:22:23.0984 4068	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/25 16:22:24.0312 4068	speedfan        (9f70cd5edcc4efc48ae21e04fb03be9d) C:\WINDOWS\system32\speedfan.sys
2011/05/25 16:22:24.0531 4068	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/25 16:22:24.0937 4068	sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/25 16:22:24.0937 4068	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/05/25 16:22:24.0937 4068	sptd - detected LockedFile.Multi.Generic (1)
2011/05/25 16:22:25.0109 4068	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/25 16:22:25.0375 4068	Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/25 16:22:25.0625 4068	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/25 16:22:25.0812 4068	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/05/25 16:22:26.0000 4068	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/25 16:22:26.0156 4068	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/25 16:22:26.0343 4068	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/25 16:22:27.0187 4068	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/25 16:22:27.0500 4068	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/25 16:22:27.0781 4068	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/25 16:22:27.0968 4068	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/25 16:22:28.0171 4068	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/25 16:22:28.0562 4068	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/25 16:22:29.0046 4068	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/25 16:22:29.0359 4068	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/25 16:22:29.0562 4068	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/25 16:22:29.0750 4068	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/25 16:22:29.0937 4068	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/25 16:22:30.0140 4068	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/25 16:22:30.0343 4068	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/25 16:22:30.0562 4068	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/25 16:22:30.0781 4068	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/25 16:22:31.0140 4068	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 16:22:31.0312 4068	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/25 16:22:31.0671 4068	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/25 16:22:31.0906 4068	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/25 16:22:31.0937 4068	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/25 16:22:32.0109 4068	MBR (0x1B8)     (43e336b3bf81392b7debdaf9cb3affdb) \Device\Harddisk1\DR6
2011/05/25 16:22:32.0375 4068	================================================================================
2011/05/25 16:22:32.0375 4068	Scan finished
2011/05/25 16:22:32.0375 4068	================================================================================
2011/05/25 16:22:32.0375 0220	Detected object count: 1
2011/05/25 16:22:32.0375 0220	Actual detected object count: 1
2011/05/25 16:23:10.0453 0220	LockedFile.Multi.Generic(sptd) - User select action: Skip

cosinus · 25.05.2011, 16:01

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hustensaft · 25.05.2011, 17:05

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-24.06 - Martin 25.05.2011  17:55:05.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3255.2842 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-25 to 2011-05-25  )))))))))))))))))))))))))))))))
.
.
2011-05-25 13:43 . 2011-05-25 13:43	--------	d-----w-	C:\_OTL
2011-05-25 08:49 . 2011-05-25 09:01	--------	d-----w-	c:\documents and settings\All Users\AdobeTemp
2011-05-24 10:16 . 2011-05-24 10:16	--------	d-----w-	c:\documents and settings\Martin\Application Data\Avira
2011-05-24 09:33 . 2011-05-24 09:33	--------	d-----w-	c:\program files\Sophos
2011-05-24 08:51 . 2011-05-24 08:51	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2011-05-24 08:51 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-05-24 08:51 . 2010-02-16 12:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-05-24 08:51 . 2009-05-11 10:49	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2011-05-24 08:51 . 2009-05-11 10:49	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2011-05-23 22:51 . 2011-05-23 22:51	--------	d-----w-	c:\program files\Avira
2011-05-18 10:54 . 2011-05-18 14:00	--------	d-----w-	c:\documents and settings\Administrator
2011-05-18 00:29 . 2011-05-18 16:58	--------	d-----w-	c:\windows\system32\NtmsData
2011-05-12 14:43 . 2011-05-12 14:43	--------	d-----w-	c:\documents and settings\Martin\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-12 14:43 . 2011-05-12 14:43	--------	d-----w-	c:\program files\Adobe Download Assistant
2011-05-05 14:56 . 2005-05-09 09:38	55296	------w-	c:\windows\system32\brinsstr.dll
2011-05-05 14:56 . 2011-05-05 14:56	--------	d-----w-	c:\program files\Brother
2011-05-05 14:56 . 2004-12-02 23:26	188416	------w-	c:\windows\system32\PDRVINST.DLL
2011-05-05 14:56 . 2003-07-02 23:08	65536	------w-	c:\windows\system32\BRWEBUP.EXE
2011-05-05 14:56 . 2002-10-30 23:09	81920	------w-	c:\windows\system32\BrWebIns.dll
2011-05-05 14:56 . 2000-01-28 10:19	513536	------w-	c:\program files\Common Files\InstallShield\WebUpdate\IFTW.EXE
2011-05-05 14:56 . 2000-01-28 10:19	331776	------w-	c:\program files\Common Files\InstallShield\WebUpdate\WebUpdate.exe
2011-05-05 14:56 . 2000-01-28 10:19	24576	------w-	c:\program files\Common Files\InstallShield\WebUpdate\RasThunk.dll
2011-05-05 14:56 . 2000-01-28 10:19	132096	------w-	c:\program files\Common Files\InstallShield\WebUpdate\ISiteLite.dll
2011-05-05 14:56 . 2011-05-05 14:56	--------	d-----w-	C:\Brother
2011-05-05 14:56 . 2004-12-10 14:35	147456	------w-	c:\windows\brunin03.dll
2011-05-05 14:55 . 2011-05-05 14:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\Brother
2011-05-05 14:55 . 2011-05-05 14:55	282756	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-05-05 14:55 . 2011-05-05 14:55	163972	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-05-05 14:55 . 2002-12-05 12:12	692224	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-05-05 14:55 . 2002-12-05 12:10	155648	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-05-05 14:55 . 2002-12-02 13:22	5632	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-05-05 14:55 . 2002-12-02 11:33	57344	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-05-05 14:55 . 2002-12-02 11:33	237568	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-05-04 15:49 . 2011-05-04 15:49	--------	d-----w-	c:\documents and settings\Martin\Application Data\inkscape
2011-05-04 15:46 . 2011-05-04 15:48	--------	d-----w-	c:\program files\Inkscape
2011-04-29 18:38 . 2011-04-29 18:38	--------	d-----w-	c:\documents and settings\Martin\Application Data\TourDeFlex.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-04-29 18:38 . 2011-04-29 18:38	--------	d-----w-	c:\program files\TourDeFlex
2011-04-28 10:01 . 2011-04-28 10:02	--------	d-----w-	c:\program files\mp3DirectCut
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 19:57 . 2010-10-07 19:57	362496	----a-w-	c:\program files\FlashDevelop.exe
2010-10-07 19:57 . 2010-10-07 19:57	1350144	----a-w-	c:\program files\PluginCore.dll
2010-10-04 06:27 . 2010-10-04 06:27	97280	----a-w-	c:\program files\SwfOp.dll
2010-10-04 06:27 . 2010-10-04 06:27	520704	----a-w-	c:\program files\SciLexer.dll
2010-10-04 06:27 . 2010-10-04 06:27	145920	----a-w-	c:\program files\Aga.dll
2010-10-04 06:27 . 2010-10-04 06:27	106496	----a-w-	c:\program files\Scripting.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-14 04:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 04:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\services.exe
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
[-] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2007-02-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-04-14 04:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
[-] 2008-04-14 04:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\system32\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2007-02-18 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\system32\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll
.
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 04:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 04:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2008-04-14 04:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2008-04-14 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 04:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 04:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
.
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-03-02 09:28	282792	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-07-19 10:36	933888	------w-	c:\program files\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-18 15:16	136176	----atw-	c:\documents and settings\Martin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Apache2.2"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2010 10:59 PM 717296]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 6:42 AM 14336]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/30/2008 1:05 AM 31896]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\19.tmp --> c:\windows\system32\19.tmp [?]
S3 TipCtrl;TipCtrl;"c:\program files\uTIPu\TipCtrl.exe" --> c:\program files\uTIPu\TipCtrl.exe [?]
S4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [5/24/2011 10:51 AM 135336]
S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [4/25/2011 1:29 AM 29416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003Core.job
- c:\documents and settings\Martin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-18 15:16]
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003UA.job
- c:\documents and settings\Martin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-18 15:16]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\dccp4xul.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
AddRemove-FlashDevelop - c:\program files\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-25 17:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\19.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-25  18:01:34
ComboFix-quarantined-files.txt  2011-05-25 16:01
.
Pre-Run: 7.280.852.992 bytes free
Post-Run: 10.607.783.936 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9907A540DB6BC0FEA0DDEE5C73901AFC

--- --- ---

cosinus · 25.05.2011, 20:43

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

24.05.2011, 19:32	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ __________________

SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten)

Plagegeister aller Art und deren Bekämpfung: SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten)