Trojaner-Board - Firefox leitet Seiten um - Antivir meldet 'HTML/Infected.WebPage.Gen'

Seite 1 von 3

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Firefox leitet Seiten um - Antivir meldet 'HTML/Infected.WebPage.Gen' (https://www.trojaner-board.de/79737-firefox-leitet-seiten-um-antivir-meldet-html-infected-webpage-gen.html)

Al Coholic

24.11.2009 23:32

Firefox leitet Seiten um - Antivir meldet 'HTML/Infected.WebPage.Gen'

Hallo an alle,

erstmal möchte ich mich hiermit dem Forum vorstellen. Ist mein erster Besuch hier und -wie ihr euch vorstellen könnt- aus keinem freudigen Anlass.

Nun der Reihe nach:

Antivir meldete mir kürzlich eine Maleware wie folgt:

'HTML/Infected.WebPage.Gen
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OTEN85QN\zip2[1].htm

diese Meldung trat dann in regelmäsigen Abständen wieder auf, wobei sich nur diese Buchstabenfolge im Pfad veränderte "OTEN85QN"

Hab sie dann von hand entfernt, da es sich ja um temporäre Datein handelt. Jedoch erschien die Meldung immer wieder.

Also hab ich mir Spybot runtergeladen. Das Programm hat dann auch 6 zweifelhafte Einträge angezeigt, die ich sodann durch Spybot löschen ließ.
Dort war auch zwei sogenannter tracking-cookies aufgelistet.
Der eine verwies auf Eine Seite, die ich auch in meiner Adressleiste sah, als Firefox mich mal wieder umleitete.
Dachte das Problem sei damit gelöst -war nicht so.
Firefox leitet mich weiterhin völlig unwillkürlich auf falsche Seiten um.

Heute -nach einigen Versuchen des Problems Herr zu werden (Scann mit Malewarebytes, cc cleaner etc -kurzum die Tools die auf diesem Board genannt werden) trat eine neue Meldung bei Antivir auf:

'TR/Trash.Gen'
'C:\System Volume Information\_restore{072C5839-2172-4BDC-BA82-8A70D0562783}\RP194\A0051132.exe'

Diese könnte jedoch auch von DeamonTools stammen haben meine Recherchen bei google ergeben.

Leider weiß ich nicht mehr genau, ob das umleiten der Seiten zeitgleich mit den Virenalarmen von Antivir anfing.

Hier sind noch ein paar logs:

Maleware nach quickscann:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3223
Windows 5.1.2600 Service Pack 3

24.11.2009 18:12:07
Malware_pruefung.txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 148111
Laufzeit: 4 minute(s), 38 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
C:\WINDOWS\system32\photo_id.exe (Backdoor.Bot) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\photo_id (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\photo_id (Backdoor.Bot) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\photo_id.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Dokumente und Einstellungen\Admin\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

Dann habe ich versucht mit Maleware die Probleme zu fixen
und hab danach einen Komplettscann gemacht:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3223
Windows 5.1.2600 Service Pack 3

24.11.2009 20:52:57
mbam-log-2009-11-24 (20-52-50).txt

Scan-Methode: Vollständiger Scan (C:\|F:\|)
Durchsuchte Objekte: 208734
Laufzeit: 35 minute(s), 55 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

wobei mir auffällt, dass der letzte eintrag nach wie vor da steht (obwohl ich ihn gefixt habe nach dem ersten versuch)

Al Coholic

24.11.2009 23:33

und hier noch die Ergebnisse von RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-11-24 23:26:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 92 GB (60%) free of 153 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:55, on 24.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Programme\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [uTorrent] "F:\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\190.62\international\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A05D869C-C512-41FA-BA0F-389E2632C90B}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6467 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Programme\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=F:\utorrent.exe [2009-10-02 289072]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\190.62\international\PhysX_9.09.0814_SystemSoftware.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"F:\utorrent.exe"="F:\utorrent.exe:*:Enabled:µTorrent"
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Sierra\FEARCombat\FEARMP.exe"="C:\Programme\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam"
"C:\Programme\Activision\Modern Warfare 2\iw4mp.exe"="C:\Programme\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d64aafa-c2ff-11de-b389-001731bd997b}]
shell\AutoRun\command - H:\AutoRun.exe

Al Coholic

24.11.2009 23:34

======List of files/folders created in the last 1 months======

2009-11-24 22:26:21 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DeepBurner
2009-11-24 22:25:55 ----D---- C:\Programme\Astonsoft
2009-11-24 20:06:06 ----D---- C:\rsit
2009-11-24 20:03:00 ----D---- C:\Programme\CCleaner
2009-11-24 18:03:24 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
2009-11-24 18:03:18 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
2009-11-24 18:03:17 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-11-24 17:37:16 ----D---- C:\Programme\Trend Micro
2009-11-24 17:12:27 ----D---- C:\Programme\Spybot - Search & Destroy
2009-11-24 17:12:27 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy
2009-11-23 19:15:10 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Apple Computer
2009-11-23 19:15:00 ----D---- C:\Programme\QuickTime Alternative
2009-11-23 17:06:47 ----D---- C:\Programme\XML Notepad 2007
2009-11-23 16:40:54 ----D---- C:\Programme\ElsterFormular
2009-11-23 15:56:25 ----D---- C:\Programme\ACD Systems
2009-11-23 15:56:25 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ACD Systems
2009-11-23 10:02:10 ----DC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-22 14:26:01 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-11-22 14:26:00 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-11-21 00:12:02 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Bioshock
2009-11-21 00:11:58 ----RHD---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SecuROM
2009-11-18 18:56:40 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0
2009-11-18 18:56:10 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Inkscape
2009-11-18 18:54:20 ----D---- C:\Programme\Inkscape
2009-11-18 02:42:02 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\skypePM
2009-11-18 02:40:29 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype
2009-11-18 02:39:57 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-11-18 02:39:53 ----RD---- C:\Programme\Skype
2009-11-18 02:39:50 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Skype
2009-11-18 02:21:38 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Media Player Classic
2009-11-17 21:54:13 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems
2009-11-17 21:53:29 ----D---- C:\Programme\Gemeinsame Dateien\ACD Systems
2009-11-13 19:43:43 ----D---- C:\Programme\Activision
2009-11-12 22:45:12 ----D---- C:\Programme\Badaboom
2009-11-12 19:37:38 ----D---- C:\Programme\ConvertHelper
2009-11-11 21:24:18 ----D---- C:\Programme\Audacity
2009-11-09 23:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-09 23:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-09 23:30:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-09 23:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-09 23:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-09 23:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-09 23:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-09 23:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-09 23:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-04 00:01:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-03 23:46:11 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Nero
2009-11-03 23:34:59 ----D---- C:\Programme\Gemeinsame Dateien\Nero
2009-11-03 23:34:28 ----D---- C:\WINDOWS\SxsCaPendDel
2009-10-30 02:30:06 ----D---- C:\Programme\GNU
2009-10-29 19:09:43 ----D---- C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-10-27 22:07:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-10-27 22:07:19 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-10-27 22:07:19 ----A---- C:\WINDOWS\system32\devil.dll
2009-10-27 22:07:19 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2009-10-27 22:07:19 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-10-27 22:07:09 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-10-27 22:07:09 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-10-27 22:07:08 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-10-27 22:06:59 ----D---- C:\Programme\eRightSoft
2009-10-27 20:57:05 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-10-27 20:57:02 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-10-27 20:44:17 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Nokia
2009-10-27 20:44:15 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PC Suite
2009-10-27 20:44:14 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PC Suite
2009-10-27 20:43:45 ----D---- C:\Programme\Gemeinsame Dateien\PCSuite
2009-10-27 20:43:28 ----D---- C:\Programme\DIFX
2009-10-27 20:43:10 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-10-27 20:43:10 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-10-27 20:43:08 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-10-27 20:42:29 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Installations

======List of files/folders modified in the last 1 months======

2009-11-24 22:54:57 ----D---- C:\WINDOWS\Prefetch
2009-11-24 22:48:34 ----D---- C:\WINDOWS\Temp
2009-11-24 22:25:55 ----RD---- C:\Programme
2009-11-24 22:25:15 ----D---- C:\Programme\Mozilla Firefox
2009-11-24 22:25:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-24 22:22:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-24 22:18:19 ----D---- C:\Programme\CDBurnerXP
2009-11-24 22:18:16 ----D---- C:\WINDOWS\system32\drivers
2009-11-24 20:56:24 ----D---- C:\WINDOWS
2009-11-24 20:08:51 ----D---- C:\WINDOWS\Debug
2009-11-24 18:51:02 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\uTorrent
2009-11-24 18:23:12 ----D---- C:\WINDOWS\system32
2009-11-24 18:23:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-24 17:50:46 ----SHD---- C:\System Volume Information
2009-11-24 17:50:46 ----D---- C:\WINDOWS\system32\Restore
2009-11-24 17:34:03 ----A---- C:\WINDOWS\wininit.ini
2009-11-23 21:00:27 ----SHD---- C:\WINDOWS\Installer
2009-11-23 21:00:26 ----HD---- C:\Config.Msi
2009-11-23 19:03:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-23 17:06:48 ----SD---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft
2009-11-23 16:40:54 ----HD---- C:\Programme\InstallShield Installation Information
2009-11-23 16:40:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-23 15:56:57 ----D---- C:\WINDOWS\system32\config
2009-11-23 15:56:39 ----D---- C:\WINDOWS\system32\wbem
2009-11-23 15:56:39 ----D---- C:\WINDOWS\Registration
2009-11-23 15:55:59 ----HD---- C:\WINDOWS\inf
2009-11-22 20:53:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-22 14:26:02 ----SD---- C:\WINDOWS\Tasks
2009-11-22 14:26:02 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-11-22 14:25:51 ----D---- C:\Programme\TuneUp Utilities 2009
2009-11-21 01:29:47 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Nero
2009-11-18 02:39:57 ----D---- C:\Programme\Gemeinsame Dateien
2009-11-17 22:06:21 ----D---- C:\ALEXXA
2009-11-17 21:53:38 ----D---- C:\WINDOWS\WinSxS
2009-11-13 20:11:28 ----RSD---- C:\WINDOWS\assembly
2009-11-13 20:10:58 ----D---- C:\WINDOWS\system32\DirectX
2009-11-12 22:47:10 ----D---- C:\Programme\Ubisoft
2009-11-10 00:18:12 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-09 23:21:09 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe
2009-11-03 23:43:12 ----D---- C:\Programme\Nero
2009-10-30 01:49:56 ----D---- C:\WINDOWS\system
2009-10-29 19:10:15 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-10-29 19:09:39 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-10-27 22:07:15 ----RSD---- C:\WINDOWS\Fonts
2009-10-27 20:44:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-27 20:43:38 ----D---- C:\Programme\Nokia
2009-10-27 20:43:37 ----D---- C:\Programme\Gemeinsame Dateien\Nokia
2009-10-27 20:43:23 ----D---- C:\Programme\PC Connectivity Solution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R3 cmigameport;cmigameport; C:\WINDOWS\system32\drivers\cmigameport.sys [2002-02-07 3712]
R3 cmpci;TerraTec Aureon 5.1 (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2004-10-01 373952]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 PDDSLADP;ProDyne DSL Adapter; C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS [2005-10-09 15571]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S3 apxkmpc4;apxkmpc4; C:\WINDOWS\system32\drivers\apxkmpc4.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-01 66872]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-11-22 604488]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-11-22 361288]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Ich hoffe ihr könnt mir helfen!

Larusso

24.11.2009 23:35

:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab.

Poste bitte alle Logfiles in Code-Tags.
Klicke antworten --> #
danach [code]text[/code]
So sollte das dann hier aussehen nach dem antworten:

Code:

deine Logfile

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

schritt 1

Windows-Explorer öffnen (Windows-Taste + E) und unter => Extras => Ordneroptionen => im Reiter "Ansicht"

Dateien und Ordner: Erweiterungen bei bekannten Dateitypen ausblenden deaktivieren
Dateien und Ordner: Geschützte Systemdateien ausblenden (empfohlen) deaktivieren
Dateien und Ordner: Inhalte von Systemordnern anzeigen aktivieren (bei Vista nicht vorhanden)
Versteckte Dateien und Ordner: alle Dateien und Ordner anzeigen aktivieren

schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

%SYSTEMDRIVE%\*.exe

%SYSTEMDRIVE%\eventlog.dll /s /md5

%SYSTEMDRIVE%\scecli.dll /s /md5

%SYSTEMDRIVE%\netlogon.dll /s /md5

%SYSTEMDRIVE%\cngaudit.dll /s /md5

%SYSTEMDRIVE%\sceclt.dll /s /md5

%SYSTEMDRIVE%\ntelogon.dll /s /md5

%SYSTEMDRIVE%\logevent.dll /s /md5

%SYSTEMDRIVE%\iaStor.sys /s /md5

%SYSTEMDRIVE%\nvstor.sys /s /md5

%SYSTEMDRIVE%\atapi.sys /s /md5

%SYSTEMDRIVE%\IdeChnDr.sys /s /md5

%SYSTEMDRIVE%\viasraid.sys /s /md5

%SYSTEMDRIVE%\AGP440.sys /s /md5

%SYSTEMDRIVE%\vaxscsi.sys /s /md5

%SYSTEMDRIVE%\nvatabus.sys /s /md5

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Code-Tags in Deinen Thread

schritt 3

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Gmer ist geeignet für => NT/W2K/XP/VISTA.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird Gmer beendet.
Füge das Log aus der Zwischenablage in Deine Antwort hier ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Manche Logs sind sehr lange, bitte in mehrere Posts aufteilen :)

Al Coholic

25.11.2009 12:53

Hallo Larusso,

erstmal vielen Dank, dass du dich so schnell meines Problems angenommen hast!
Ich bin mir bewusst, dass eine komplett neue Installation das sichersxte wäre, möchte es jedoch erst auf diesem Wege probieren.

Habe alle von dir geforderten Schritte abgearbeitet. Hier sind die Logs:

OTL.txt [1/3]

Code:

OTL logfile created on: 25.11.2009 11:08:19 - Run 1

OTL by OldTimer - Version 3.1.10.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1023,48 Mb Total Physical Memory | 364,45 Mb Available Physical Memory | 35,61% Memory free

2,40 Gb Paging File | 1,70 Gb Available in Paging File | 70,80% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 89,63 Gb Free Space | 60,14% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 293,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive F: | 232,88 Gb Total Space | 28,86 Gb Free Space | 12,39% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DIE-7A2A282958C

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - [2009.11.25 11:06:20 | 00,531,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

PRC - [2009.11.22 14:26:02 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe

PRC - [2009.10.01 12:38:49 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe

PRC - [2009.08.17 02:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2009.07.21 13:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.05.13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2009.03.02 12:08:43 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008.04.14 06:52:46 | 01,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.03.03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2005.01.28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2009.11.25 11:06:20 | 00,531,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

MOD - [2008.04.14 06:52:12 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

MOD - [2008.04.14 06:50:12 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found --  -- (RoxLiveShare9)

SRV - [2009.11.22 14:26:02 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)

SRV - [2009.11.22 14:26:00 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2009.10.01 12:38:49 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009.08.17 02:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)

SRV - [2009.07.21 13:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.07.15 10:48:20 | 00,029,000 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2009.06.02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009.05.13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008.07.29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)

SRV - [2008.07.29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)

SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008.07.25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.07.25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)

SRV - [2008.04.14 06:52:24 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)

SRV - [2006.10.26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2006.10.26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006.10.26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.03.03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005.01.28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.15

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.10.05 02:02:12 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.27 20:43:43 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.23 20:31:37 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.23 20:31:36 | 00,000,000 | ---D | M]

 

[2009.09.30 10:05:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions

[2009.09.30 10:05:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009.11.24 15:25:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\onistyi7.default\extensions

[2009.10.05 11:48:04 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\onistyi7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.11.23 20:40:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\onistyi7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2009.11.23 20:40:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\onistyi7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009.11.23 20:40:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\onistyi7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009.11.23 20:40:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\onistyi7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2009.11.24 15:25:17 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2009.11.23 20:31:36 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008.01.04 17:35:06 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

[2008.04.26 16:27:14 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

[2009.11.03 04:27:25 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll

[2009.11.03 04:27:25 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll

[2009.11.03 04:27:25 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll

[2006.10.26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL

[2009.02.27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll

[2005.11.15 08:39:42 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppl3260.dll

[2009.11.19 18:00:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll

[2009.11.19 18:00:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll

[2009.11.19 18:00:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll

[2009.11.19 18:00:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll

[2009.11.19 18:00:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll

[2005.11.15 08:37:58 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll

[2009.11.03 03:14:39 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2009.11.03 03:14:39 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2009.11.03 03:14:39 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml

[2009.11.03 03:14:39 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2009.11.03 03:14:39 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2009.11.03 03:14:39 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: (356719 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 12234 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found

O4 - HKCU..\Run: [uTorrent] F:\utorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.06.06 12:54:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008.03.13 15:39:10 | 00,000,061 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{0d64aafa-c2ff-11de-b389-001731bd997b}\Shell - "" = AutoRun

O33 - MountPoints2\{0d64aafa-c2ff-11de-b389-001731bd997b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{0d64aafa-c2ff-11de-b389-001731bd997b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck) -  File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) -  File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

Al Coholic

25.11.2009 12:54

OTL.txt [2/3]

Code:

NetSvcs: 6to4 -  File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.09.24 16:04:26 | 00,000,000 | ---D | M]

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)

NetSvcs: WmdmPmSp -  File not found

NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (67839029915156480)

 
 ========== Files/Folders - Created Within 14 Days ==========

 

[2009.11.25 11:06:16 | 00,531,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

[2009.11.25 11:01:41 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent

[2009.11.24 22:26:21 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DeepBurner

[2009.11.24 22:25:55 | 00,000,000 | ---D | C] -- C:\Programme\Astonsoft

[2009.11.24 20:06:06 | 00,000,000 | ---D | C] -- C:\rsit

[2009.11.24 20:03:00 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner

[2009.11.24 18:03:24 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes

[2009.11.24 18:03:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009.11.24 18:03:18 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009.11.24 18:03:18 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes

[2009.11.24 18:03:17 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2009.11.24 17:37:16 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro

[2009.11.24 17:12:27 | 00,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy

[2009.11.24 17:12:27 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy

[2009.11.23 19:15:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Apple Computer

[2009.11.23 19:15:07 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2009.11.23 19:15:07 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[2009.11.23 19:15:00 | 00,000,000 | ---D | C] -- C:\Programme\QuickTime Alternative

[2009.11.23 17:06:47 | 00,000,000 | ---D | C] -- C:\Programme\XML Notepad 2007

[2009.11.23 16:41:39 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\ElsterFormular

[2009.11.23 16:40:54 | 00,000,000 | ---D | C] -- C:\Programme\ElsterFormular

[2009.11.23 15:56:25 | 00,000,000 | ---D | C] -- C:\Programme\ACD Systems

[2009.11.23 15:56:25 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ACD Systems

[2009.11.23 15:55:59 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\dwhelper

[2009.11.22 14:26:01 | 00,029,000 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll

[2009.11.22 14:26:00 | 00,361,288 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe

[2009.11.21 00:12:02 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Bioshock

[2009.11.21 00:12:02 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Bioshock

[2009.11.21 00:11:58 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SecuROM

[2009.11.18 18:56:40 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0

[2009.11.18 18:56:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Inkscape

[2009.11.18 18:54:20 | 00,000,000 | ---D | C] -- C:\Programme\Inkscape

[2009.11.18 02:42:02 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\skypePM

[2009.11.18 02:40:29 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype

[2009.11.18 02:39:57 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype

[2009.11.18 02:39:53 | 00,000,000 | R--D | C] -- C:\Programme\Skype

[2009.11.18 02:39:50 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Skype

[2009.11.18 02:21:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Media Player Classic

[2009.11.17 21:54:14 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\ACD Systems

[2009.11.17 21:54:13 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems

[2009.11.17 21:53:29 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ACD Systems

[2009.11.17 21:51:55 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations

[2009.11.13 19:43:43 | 00,000,000 | ---D | C] -- C:\Programme\Activision

[2009.11.12 22:46:00 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Badaboom

[2009.11.12 22:45:12 | 00,000,000 | ---D | C] -- C:\Programme\Badaboom

[2009.11.12 19:37:38 | 00,000,000 | ---D | C] -- C:\Programme\ConvertHelper

[2009.11.11 21:34:12 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Nero

[2009.11.11 21:24:18 | 00,000,000 | ---D | C] -- C:\Programme\Audacity

[2007.11.10 21:06:38 | 00,314,983 | ---- | C] (XeroBank) -- C:\Programme\xBBrowser.exe

[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 14 Days ==========

 

[2009.11.25 11:06:20 | 00,531,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

[2009.11.25 11:00:00 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2009.11.25 01:40:45 | 00,000,390 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit utorrent.exe.lnk

[2009.11.25 01:33:32 | 00,147,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys

[2009.11.25 01:33:32 | 00,147,904 | ---- | M] () -- C:\WINDOWS\System32\dllcache\atapi.sys

[2009.11.25 01:33:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009.11.25 01:32:24 | 00,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009.11.25 01:31:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009.11.25 01:31:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009.11.24 23:36:48 | 08,388,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.dat

[2009.11.24 23:36:48 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.ini

[2009.11.24 22:25:57 | 00,000,726 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\DeepBurner.lnk

[2009.11.24 20:18:23 | 00,000,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit RSIT.exe.lnk

[2009.11.24 20:03:01 | 00,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\CCleaner.lnk

[2009.11.24 18:23:12 | 01,051,568 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009.11.24 18:23:12 | 00,452,318 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2009.11.24 18:23:12 | 00,435,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009.11.24 18:23:12 | 00,081,048 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2009.11.24 18:23:12 | 00,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009.11.24 17:55:01 | 00,356,719 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009.11.24 17:34:03 | 00,000,356 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2009.11.24 01:50:20 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvgts.sys

[2009.11.23 22:29:49 | 00,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel

[2009.11.23 21:11:07 | 00,086,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.11.23 20:31:38 | 00,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk

[2009.11.23 15:57:53 | 00,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009.11.23 15:09:15 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\rkxbom

[2009.11.22 14:26:02 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe

[2009.11.22 14:26:00 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe

[2009.11.22 14:25:53 | 00,001,601 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\TuneUp 1-Klick-Wartung.lnk

[2009.11.22 14:25:52 | 00,001,517 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\TuneUp Utilities 2009.lnk

[2009.11.21 01:22:31 | 00,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit Bioshock.exe.lnk

[2009.11.19 13:43:11 | 00,097,728 | ---- | M] () -- C:\pastedpic_11192009_134311.png

[2009.11.18 19:53:55 | 00,082,191 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Neues Dokument 1.2009_11_18_19_53_55.0

[2009.11.18 19:48:48 | 00,196,077 | ---- | M] () -- C:\pastedpic_11182009_194848.png

[2009.11.18 19:44:57 | 00,062,276 | ---- | M] () -- C:\pastedpic_11182009_194457.png

[2009.11.18 02:42:03 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009.11.18 02:39:57 | 00,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Skype.lnk

[2009.11.17 21:53:49 | 00,002,050 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\ACDSee Pro 3.lnk

[2009.11.17 21:53:27 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009.11.13 20:09:54 | 00,000,814 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Call of Duty Modern Warfare 2 SP.lnk

[2009.11.12 22:45:14 | 00,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Badaboom.lnk

[2009.11.12 19:45:39 | 00,000,127 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\default.rss

[2009.11.12 19:45:39 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009.11.11 21:24:20 | 00,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Audacity.lnk

[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2009.11.25 01:40:45 | 00,000,390 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit utorrent.exe.lnk

[2009.11.24 22:25:57 | 00,000,726 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\DeepBurner.lnk

[2009.11.24 20:18:23 | 00,000,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit RSIT.exe.lnk

[2009.11.24 20:03:01 | 00,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\CCleaner.lnk

[2009.11.23 22:29:49 | 00,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel

[2009.11.23 20:31:38 | 00,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk

[2009.11.23 19:03:14 | 00,147,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atapi.sys

[2009.11.23 15:09:15 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\rkxbom

[2009.11.22 16:16:26 | 08,388,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\ntuser.dat

[2009.11.22 14:25:53 | 00,001,601 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\TuneUp 1-Klick-Wartung.lnk

[2009.11.21 01:22:31 | 00,001,014 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit Bioshock.exe.lnk

[2009.11.19 13:43:11 | 00,097,728 | ---- | C] () -- C:\pastedpic_11192009_134311.png

[2009.11.18 19:53:55 | 00,082,191 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Neues Dokument 1.2009_11_18_19_53_55.0

[2009.11.18 19:48:48 | 00,196,077 | ---- | C] () -- C:\pastedpic_11182009_194848.png

[2009.11.18 19:44:57 | 00,062,276 | ---- | C] () -- C:\pastedpic_11182009_194457.png

[2009.11.18 02:42:03 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009.11.18 02:39:57 | 00,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Skype.lnk

[2009.11.17 21:53:49 | 00,002,050 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\ACDSee Pro 3.lnk

[2009.11.13 20:09:54 | 00,000,814 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Call of Duty Modern Warfare 2 SP.lnk

[2009.11.12 22:45:14 | 00,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Badaboom.lnk

[2009.11.11 21:24:20 | 00,000,610 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Audacity.lnk

[2009.11.04 00:03:32 | 00,000,127 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\default.rss

[2009.11.04 00:01:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.10.27 22:07:19 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.10.20 16:56:40 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009.10.20 16:56:40 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009.10.06 13:49:54 | 00,000,356 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009.10.03 16:24:29 | 00,000,334 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\hpzinstall.log

[2009.10.03 16:24:17 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2009.10.02 21:13:53 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.10.02 11:01:13 | 00,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2009.10.01 12:39:10 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009.10.01 12:39:10 | 00,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PnkBstrK.sys

[2009.09.30 16:49:31 | 00,073,888 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

[2009.09.24 22:37:33 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009.09.24 21:10:18 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2009.09.24 18:51:02 | 00,042,982 | ---- | C] () -- C:\WINDOWS\System32\PDDSLADP.DLL

[2009.09.24 16:51:53 | 01,051,568 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009.09.24 16:51:51 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009.09.24 16:51:25 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\desktop.ini

[2009.09.24 16:26:18 | 00,086,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.24 16:19:55 | 06,409,276 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2009.09.24 16:14:10 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\desktop.ini

[2009.09.24 16:05:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini

[2009.09.24 16:01:52 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini

[2009.09.24 16:01:52 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini

[2009.09.24 16:01:18 | 00,027,055 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini

[2009.09.24 16:01:18 | 00,003,999 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini

[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

[2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2005.07.15 19:35:56 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005.07.15 19:35:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005.07.15 19:35:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004.08.03 23:57:34 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll

[2004.08.03 23:57:26 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll

[2004.08.03 23:57:20 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll

[2004.08.03 23:57:18 | 00,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll

[2004.08.03 23:57:16 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll

[2004.08.03 23:56:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll

[2004.08.03 21:59:44 | 00,147,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

[2004.08.03 21:46:56 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys

[2004.08.03 21:45:28 | 00,034,032 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys

[2004.08.03 21:45:16 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys

[2004.08.03 21:45:16 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys

[2004.08.03 21:45:14 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys

[2004.08.03 21:45:12 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys

[2004.07.17 10:46:14 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini

[2004.07.17 10:34:48 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll

[2002.02.07 15:54:34 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmigameport.sys

[2001.08.18 15:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini

[2001.08.18 15:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll

[2001.08.18 15:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll

[2001.08.18 15:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys

[2001.08.18 15:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys

[2001.08.18 15:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys

[2001.08.18 15:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys

[2001.08.18 15:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys

[2001.08.18 15:00:00 | 00,027,914 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys

[2001.08.18 15:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys

[2001.08.18 15:00:00 | 00,021,542 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini

[2001.08.18 15:00:00 | 00,017,241 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini

[2001.08.18 15:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll

[2001.08.18 15:00:00 | 00,014,060 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini

[2001.08.18 15:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll

[2001.08.18 15:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll

[2001.08.18 15:00:00 | 00,009,032 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys

[2001.08.18 15:00:00 | 00,006,287 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini

[2001.08.18 15:00:00 | 00,004,992 | ---- | C] () -- C:\WINDOWS\System32\himem.sys

[2001.08.18 15:00:00 | 00,004,438 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini

[2001.08.18 15:00:00 | 00,004,233 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini

[2001.08.18 15:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv

[2001.08.18 15:00:00 | 00,001,783 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini

[2001.08.18 15:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini

[2001.08.18 15:00:00 | 00,000,369 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini

[2001.08.18 15:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2001.08.18 14:59:29 | 00,000,552 | ---- | C] () -- C:\WINDOWS\win.ini

[2001.08.18 05:54:08 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

Al Coholic

25.11.2009 12:56

OTL.txt [3/3]

Code:

========== LOP Check ==========

 

[2009.11.17 21:54:13 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems

[2009.11.09 23:21:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe

[2009.11.21 01:21:40 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Bioshock

[2009.10.10 15:50:20 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Canneverbe_Limited

[2009.10.09 01:11:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CyberLink

[2009.10.02 21:10:05 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Lite

[2009.10.02 19:46:41 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Pro

[2009.11.24 22:29:07 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DeepBurner

[2009.10.14 14:27:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GetRightToGo

[2009.10.20 16:55:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GRETECH

[2009.11.23 22:27:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0

[2009.09.24 16:14:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities

[2009.11.18 18:56:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Inkscape

[2009.09.24 18:50:29 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia

[2009.11.24 18:03:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes

[2009.11.18 02:21:39 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Media Player Classic

[2009.11.23 17:06:48 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft

[2009.09.30 10:05:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla

[2009.11.03 23:46:59 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Nero

[2009.10.27 21:00:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Nokia

[2009.10.04 17:39:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera

[2009.10.27 20:57:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PC Suite

[2009.10.06 20:30:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Roxio

[2009.11.21 00:11:58 | 00,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SecuROM

[2009.11.22 14:31:12 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype

[2009.11.22 14:30:11 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\skypePM

[2009.10.07 10:43:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TuneUp Software

[2009.11.25 11:08:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\uTorrent

[2009.09.27 20:09:04 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc

[2009.10.04 19:28:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\WinRAR

[2009.11.23 15:56:25 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ACD Systems

[2009.10.02 13:14:45 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Adobe

[2009.11.23 19:15:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Apple Computer

[2009.09.30 10:52:26 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Avira

[2009.10.10 15:50:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Canneverbe Limited

[2009.10.09 01:11:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\CyberLink

[2009.10.02 20:21:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\DAEMON Tools Lite

[2009.10.02 20:20:02 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\DAEMON Tools Pro

[2009.10.09 17:19:44 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Electronic Arts

[2009.10.27 20:42:29 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Installations

[2009.10.06 13:48:30 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\InstallShield

[2009.11.24 18:03:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes

[2009.10.06 22:40:14 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microsoft

[2009.10.06 22:49:36 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microsoft Help

[2009.11.21 01:29:47 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Nero

[2009.09.24 16:17:37 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\NVIDIA Corporation

[2009.10.27 20:44:14 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PC Suite

[2009.10.06 20:51:46 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Roxio

[2009.11.18 02:39:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Skype

[2009.10.06 13:48:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Sonic

[2009.11.25 11:01:42 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy

[2009.10.09 01:17:07 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Temp

[2009.10.07 10:43:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TuneUp Software

[2009.10.14 16:29:37 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Ubisoft

[2009.10.05 19:39:01 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Windows Genuine Advantage

[2009.10.07 10:43:22 | 00,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}

[2009.11.25 11:00:00 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

[2001.08.18 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009.11.25 01:31:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.exe >

 
 < %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2008.04.14 06:52:12 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 06:52:12 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2008.04.14 06:52:24 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 06:52:24 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2008.04.14 06:52:20 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 06:52:20 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

 
 < %SYSTEMDRIVE%\sceclt.dll /s /md5 >

 
 < %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

 
 < %SYSTEMDRIVE%\logevent.dll /s /md5 >

 
 < %SYSTEMDRIVE%\iaStor.sys /s /md5 >

 
 < %SYSTEMDRIVE%\nvstor.sys /s /md5 >

 
 < %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2008.04.13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2009.11.25 01:33:32 | 00,147,904 | ---- | M] () MD5=7B02B988879E7B6F351C5DED807122EC -- C:\WINDOWS\system32\dllcache\atapi.sys

[2009.11.25 01:33:32 | 00,147,904 | ---- | M] () MD5=7B02B988879E7B6F351C5DED807122EC -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

 
 < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

 
 < %SYSTEMDRIVE%\viasraid.sys /s /md5 >

 
 < %SYSTEMDRIVE%\AGP440.sys /s /md5 >

[2008.04.13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

 
 < %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< End of report >

Al Coholic

25.11.2009 12:57

Extra.txt

Code:

OTL Extras logfile created on: 25.11.2009 11:08:19 - Run 1

OTL by OldTimer - Version 3.1.10.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1023,48 Mb Total Physical Memory | 364,45 Mb Available Physical Memory | 35,61% Memory free

2,40 Gb Paging File | 1,70 Gb Available in Paging File | 70,80% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 89,63 Gb Free Space | 60,14% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 293,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive F: | 232,88 Gb Total Space | 28,86 Gb Free Space | 12,39% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DIE-7A2A282958C

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [ACDSee Pro 3.Manage] -- "C:\Programme\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()

"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)

"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)

"F:\utorrent.exe" = F:\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Programme\Sierra\FEARCombat\FEARMP.exe" = C:\Programme\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat -- (Monolith Productions, Inc.)

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- File not found

"C:\Programme\Activision\Modern Warfare 2\iw4mp.exe" = C:\Programme\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution

"{17A87ED9-129A-4516-A3BF-5E513D23C3BB}" = Aureon 5.1 Fun ControlPanel

"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3

"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{3c1fe96d-303b-4dcf-ab62-06010a87a107}" = 

"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite

"{49b0bc54-cd87-4b83-9100-d250025c38ab}" = 

"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver

"{535de08c-20cc-427d-8708-ca5715f2d036}" = 

"{5569b590-15e0-492d-9490-46e94f7aa8c2}" = 

"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)

"{736a3a1b-4abe-4528-8142-0de6f6ca0f20}" = 

"{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7ecb6654-2a0e-4475-85c6-146e98d8ab75}" = 

"{806317c3-d4e2-47e0-bdb2-8903dd977940}" = 

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9a364ac6-0995-49f5-adf9-b761b875e6e8}" = 

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{ac659144-03bf-4c14-8b16-45b3b3097538}" = 

"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch

"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{b8d222db-e9e9-43dd-8252-318ee990b752}" = 

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{bf4c0f09-dff8-43ae-8095-bfec720a0516}" = 

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{c3852773-47e7-48c0-a169-f44aa9afefb9}" = 

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{f0b9fd67-77b2-4618-8ccf-1c608d0f4792}" = 

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007

"{ffa01371-145d-4915-a593-717c64580ef7}" = 

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity_is1" = Audacity 1.2.6

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Badaboom" = Badaboom 1.1.0.132

"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2

"CCleaner" = CCleaner

"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"Fraps" = Fraps

"GOM Player" = GOM Player

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"Inkscape" = Inkscape 0.46

"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PunkBusterSvc" = PunkBuster Services

"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0

"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)

"VLC media player" = VideoLAN VLC media player 0.8.6f

"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.10

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = WinRAR

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 23.11.2009 10:32:30 | Computer Name = DIE-7A2A282958C | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul

 unknown, Version 0.0.0.0, Fehleradresse 0x07980005.

 

Error - 23.11.2009 10:35:17 | Computer Name = DIE-7A2A282958C | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul

 unknown, Version 0.0.0.0, Fehleradresse 0x07980005.

 

Error - 23.11.2009 10:54:48 | Computer Name = DIE-7A2A282958C | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul

 unknown, Version 0.0.0.0, Fehleradresse 0x087b0005.

 

Error - 23.11.2009 11:02:13 | Computer Name = DIE-7A2A282958C | Source = LoadPerf | ID = 3001

Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung

ist

 falsch formatiert. Die ungültige Zeichenfolge ist 5612 und der ungültige  Indexwert

 ist das erste DWORD im Datenbereich, während die letzten gültigen  Indexwerte die

 zweiten und dritten DWORD im Datenbereich sind.

 

Error - 23.11.2009 11:02:13 | Computer Name = DIE-7A2A282958C | Source = LoadPerf | ID = 3001

Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung

ist

 falsch formatiert. Die ungültige Zeichenfolge ist 5612 und der ungültige  Indexwert

 ist das erste DWORD im Datenbereich, während die letzten gültigen  Indexwerte die

 zweiten und dritten DWORD im Datenbereich sind.

 

Error - 23.11.2009 11:02:13 | Computer Name = DIE-7A2A282958C | Source = LoadPerf | ID = 3011

Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren

 für  Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

 

Error - 23.11.2009 11:02:16 | Computer Name = DIE-7A2A282958C | Source = LoadPerf | ID = 3001

Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung

ist

 falsch formatiert. Die ungültige Zeichenfolge ist 5612 und der ungültige  Indexwert

 ist das erste DWORD im Datenbereich, während die letzten gültigen  Indexwerte die

 zweiten und dritten DWORD im Datenbereich sind.

 

Error - 23.11.2009 16:06:05 | Computer Name = DIE-7A2A282958C | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung GOM.exe, Version 2.1.18.4762, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 23.11.2009 16:06:06 | Computer Name = DIE-7A2A282958C | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung GOM.exe, Version 2.1.18.4762, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 23.11.2009 16:09:54 | Computer Name = DIE-7A2A282958C | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung GOM.exe, Version 2.1.18.4762, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 11.10.2009 15:17:51 | Computer Name = DIE-7A2A282958C | Source = Cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

 

[ TuneUp Events ]

Error - 09.10.2009 12:24:51 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-09 18:24:51', '\device\harddiskvolume2\programme\ea

 games\mirror's edge\binaries\mirrorsedge.exe','3860',0)

 

Error - 09.10.2009 12:32:59 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-09 18:32:59', '\device\harddiskvolume2\programme\ea

 games\mirror's edge\binaries\mirrorsedge.exe','244',0)

 

Error - 20.10.2009 16:01:33 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-20 22:01:33', '\device\harddiskvolume2\programme\ea

 games\mirror's edge\binaries\mirrorsedge.exe','3412',0)

 

Error - 22.10.2009 07:26:29 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-22 13:26:29', '\device\harddiskvolume2\programme\ea

 games\mirror's edge\binaries\mirrorsedge.exe','2676',0)

 

Error - 22.10.2009 07:27:50 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-22 13:27:50', '\device\harddiskvolume2\programme\ea

 games\mirror's edge\binaries\mirrorsedge.exe','4028',0)

 

Error - 24.11.2009 13:03:33 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-24 18:03:33', '\device\harddiskvolume2\programme\malwarebytes'

 anti-malware\mbam.exe','24336',0)

 

Error - 24.11.2009 13:03:50 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-24 18:03:50', '\device\harddiskvolume2\programme\malwarebytes'

 anti-malware\mbam.exe','24408',0)

 

Error - 24.11.2009 13:19:55 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-24 18:19:55', '\device\harddiskvolume2\programme\malwarebytes'

 anti-malware\mbam.exe','3044',0)

 

Error - 24.11.2009 13:27:46 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-24 18:27:46', '\device\harddiskvolume2\programme\malwarebytes'

 anti-malware\mbam.exe','544',0)

 

Error - 24.11.2009 15:12:55 | Computer Name = DIE-7A2A282958C | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-24 20:12:55', '\device\harddiskvolume2\programme\malwarebytes'

 anti-malware\mbam.exe','3592',0)

 

 

< End of report >

Al Coholic

25.11.2009 13:00

GMER.txt

Code:

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-11-25 11:58:11

Windows 5.1.2600 Service Pack 3

Running: ntgior9z.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\kftyrpod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT      EB064666                                                                                                            ZwCreateKey

SSDT      EB06465C                                                                                                            ZwCreateThread

SSDT      EB06466B                                                                                                            ZwDeleteKey

SSDT      EB064675                                                                                                            ZwDeleteValueKey

SSDT      spnv.sys                                                                                                            ZwEnumerateKey [0xF72A4DA4]

SSDT      spnv.sys                                                                                                            ZwEnumerateValueKey [0xF72A5132]

SSDT      EB06467A                                                                                                            ZwLoadKey

SSDT      spnv.sys                                                                                                            ZwOpenKey [0xF72860C0]

SSDT      EB064648                                                                                                            ZwOpenProcess

SSDT      EB06464D                                                                                                            ZwOpenThread

SSDT      spnv.sys                                                                                                            ZwQueryKey [0xF72A520A]

SSDT      spnv.sys                                                                                                            ZwQueryValueKey [0xF72A508A]

SSDT      EB064684                                                                                                            ZwReplaceKey

SSDT      EB06467F                                                                                                            ZwRestoreKey

SSDT      EB064670                                                                                                            ZwSetValueKey

SSDT      EB064657                                                                                                            ZwTerminateProcess
 

INT 0x63  ?                                                                                                                   862C3F00

INT 0x73  ?                                                                                                                   86575BF8

INT 0x83  ?                                                                                                                   86575BF8

INT 0xB4  ?                                                                                                                   862C3F00
 

---- Kernel code sections - GMER 1.0.15 ----
 

?         spnv.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !

.text     USBPORT.SYS!DllUnload                                                                                               F5DB68AC 5 Bytes  JMP 862C34E0 

.text     C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xF512E380, 0x3DF545, 0xE8000020]

init      C:\WINDOWS\system32\drivers\cmigameport.sys                                                                         entry point in "init" section [0xF7AA4892]
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRequest]                                                      [F789C54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                 [F789C20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                  [F789C256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                           [F789C52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                             [F789C4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                            [F789C4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRequest]                                                     [F789C54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                 [F789C256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                [F789C20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                          [F789C52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRequest]                                                       [F789C54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [F789C52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                              [F789C4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                   [F789C256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                  [F789C20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                             [F789C4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                           [F789C52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                 [F789C20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRequest]                                                      [F789C54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                  [F789C256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                   [F789C20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRequest]                                                        [F789C54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                    [F789C256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                               [F789C4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [F789C52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                              [F789C4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                   [F789C256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                  [F789C20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRequest]                                                       [F789C54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                             [F789C4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                           [F789C52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRequest]                                                      [F789C54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                 [F789C20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                  [F789C256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
 

---- Devices - GMER 1.0.15 ----
 

Device    \FileSystem\Ntfs \Ntfs                                                                                              865711F8

Device    \Driver\usbohci \Device\USBPDO-0                                                                                    862C21F8

Device    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           865731F8

Device    \Driver\dmio \Device\DmControl\DmConfig                                                                             865731F8

Device    \Driver\dmio \Device\DmControl\DmPnP                                                                                865731F8

Device    \Driver\dmio \Device\DmControl\DmInfo                                                                               865731F8

Device    \Driver\usbehci \Device\USBPDO-1                                                                                    862BE1F8

Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              865E11F8

Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              865E11F8

Device    \Driver\Cdrom \Device\CdRom0                                                                                        862B51F8

Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  865E01F8

Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                         865E01F8

Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  865E01F8

Device    \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                         865E01F8

Device    \Driver\Cdrom \Device\CdRom1                                                                                        862B51F8

Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             851A61F8

Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    851A61F8

Device    \Driver\usbohci \Device\USBFDO-0                                                                                    862C21F8

Device    \Driver\usbehci \Device\USBFDO-1                                                                                    862BE1F8

Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   850491F8

Device    \Driver\NetBT \Device\NetBT_Tcpip_{C8B1CDD7-2405-4EC7-AFF1-8C728F104412}                                            851A61F8

Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         850491F8

Device    \Driver\Ftdisk \Device\FtControl                                                                                    865E11F8

Device    \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0                                                              865721F8

Device    \Driver\nvgts \Device\Scsi\nvgts1                                                                                   865721F8

Device    \Driver\nvgts \Device\Scsi\nvgts2                                                                                   865721F8

Device    \FileSystem\Cdfs \Cdfs                                                                                              86214500
 

---- Registry - GMER 1.0.15 ----
 

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  2

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 1

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xE4 0x3D 0x5D 0xD5 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                    

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                 0

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x99 0x74 0x0F 0xE1 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xE4 0x3D 0x5D 0xD5 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xE3 0x8B 0x47 0x0F ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x82 0x19 0x63 0xC2 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                     0

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x99 0x74 0x0F 0xE1 ...

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xE4 0x3D 0x5D 0xD5 ...

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                     0

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x99 0x74 0x0F 0xE1 ...
 

---- EOF - GMER 1.0.15 ----

Larusso

25.11.2009 14:18

Während dieser Scans soll(en):

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Rootkitscan mit RootRepeal

Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
Entpacke die Datei auf Deinen Desktop.
Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
Klicke auf den Reiter Report und dann auf den Button Scan.
Mache einen Haken bei den folgenden Elementen und klicke Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
.
Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
Wähle C:\ und klicke wieder Ok.
Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
Wenn der Suchlauf beendet ist, klicke auf Save Report.
Speichere das Logfile als RootRepeal.txt auf dem Desktop.
Kopiere den Inhalt hier in den Thread.

Al Coholic

25.11.2009 16:59

Hallo Larusso,

Root Repeal scannt jetzt seit geraumer zeit meine Festplatte (schreibe von meinem anderen Rechner) und ist bisher nicht über den Punkt "Files scannen" hinausgekommen.. Wie lange darf der Scann den maximal dauern, bevor ich abbrechen sollte?
Ist die Windows Firewall ein Problem -hab nicht daran gedacht sie auszuschalten?

Al Coholic

25.11.2009 20:08

Root Repeal arbeitet nun seit ca. 6-7 Stunden und und ist immernoch mit den Filescanns beschäftigt..
Soll ich den Pc über nacht anlassen, oder lohnt das nicht mehr?

>Gruß Al

Larusso

25.11.2009 22:13

Deinstalliere bitte
SPTD
Benutze dazu den Uninstaller

schritt 2

Kontrolle, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Downloade die MBR.exe von Gmer und
speichere es auf Deinem Desktop.
Mache einen Doppelklick auf das Programm, um es zu starten.
Wenn Dein Antiviren-Programm anschlägt, bitte ignorieren bzw. die Aktion zulassen.
Nun wirst Du ein Logfile auf Deinem Desktop namens mbr.log finden.
Poste mir den Inhalt dieser Logdatei hier in den Thread.

schritt 3

Zweiter Lauf mit Gmer

Starte Gmer erneut.
Dieses Mal machst Du einen Rechtsklick links in das weiße Feld und wählst im Kontext-Menü "Only non MS files".
Dann klickst Du auf "Scan" und erlaubst damit Gmer erneut zu scannen.
Wenn der Scan fertig ist, klickst Du auf den "Copy"-Button, womit der Inhalt ins Clipboard kopiert wird.
Nun einen Rechtsklick auf den Desktop, wähle "Textdokument", was ein leeres Dokument auf dem Desktop erstellt.
Öffne das Textdokument per Doppelklick, Rechtsklick im Textfeld und "Einfügen".
Speichere das Dokument und poste mir den Inhalt hier in den Thread.

Al Coholic

26.11.2009 11:30

Mahlzeit,

habs wie von dir beschreiben gemacht. Hier die Ergebnisse:

mbr.txt

Code:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

GMER - only non MS files [1/2]

Code:

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-11-26 11:22:51

Windows 5.1.2600 Service Pack 3

Running: ntgior9z.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\kftyrpod.sys
 
 

---- Modules - GMER 1.0.15 ----
 

Module   atapi.sys                                                                                                                                                      86562000-86579900 (96512 bytes)

Module   nvgts.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation)                                                                                      F72B7000-F72DC000 (151552 bytes)

Module   PDDSLHND.sys (ProDyne DSL Handler/ProDyne)                                                                                                                     F789B000-F789F000 (16384 bytes)

Module   \SystemRoot\system32\drivers\cmaudio.sys (C-Media Audio WDM Driver/C-Media Inc)                                                                                F62A0000-F62FC000 (376832 bytes)

Module   \SystemRoot\system32\DRIVERS\yk51x86.sys (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller/Marvell)                                               F624D000-F627C000 (192512 bytes)

Module   \SystemRoot\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation)                                                                   F76E7000-F76F1000 (40960 bytes)

Module   \SystemRoot\system32\DRIVERS\NVNRM.SYS (NVIDIA Network Resource Manager./NVIDIA Corporation)                                                                   F6163000-F624D000 (958464 bytes)

Module   \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 190.62 /NVIDIA Corporation)                                 F5A03000-F6163000 (7733248 bytes)

Module   \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                         F77D7000-F77DC000 (20480 bytes)

Module   \SystemRoot\system32\DRIVERS\PDDSLADP.SYS (ProDyne DSL Adapter/ProDyne)                                                                                        F7923000-F7927000 (16384 bytes)

Module   \SystemRoot\system32\drivers\cmigameport.sys                                                                                                                   F7B86000-F7B87000 (4096 bytes)

Module   \SystemRoot\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation)                                                              F4D8A000-F4D98000 (57344 bytes)

Module   \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                     EFE2A000-EFE30000 (24576 bytes)

Module   \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                        EC3C2000-EC3DE000 (114688 bytes)

Module   \??\C:\Programme\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                             F7A31000-F7A33000 (8192 bytes)

Module   \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 190.62 /NVIDIA Corporation)                                          BD012000-BD5A6000 (5849088 bytes)

Module   \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated)                                                             BFFA0000-BFFE6000 (286720 bytes)

Module   \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                 B87EC000-B8800000 (81920 bytes)

Module   \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\mbr.sys                                                                                                                    F0B20000-F0B26000 (24576 bytes)

Module   \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\kftyrpod.sys (GMER)                                                                                                        B764A000-B7661000 (94208 bytes)
 

---- Processes - GMER 1.0.15 ----
 

Process  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                  208

Library  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                  0x00400000

Library  C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH)                                                                        0x10000000

Library  C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH)                                                                                      0x01110000

Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                 0x01270000
 

Process  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                        312

Library  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                        0x00400000

Library  C:\Programme\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH)                                                                                      0x10000000

Library  C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH)                                                                        0x01240000

Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                 0x01260000

Library  C:\Programme\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH)                                                                                          0x013D0000

Library  C:\Programme\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH)                                                                                            0x013F0000

Library  C:\Programme\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH)                                                                               0x01510000

Library  C:\Programme\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                   0x01640000

Library  C:\Programme\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x01680000

Library  C:\Programme\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                 0x016B0000

Library  C:\Programme\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x01750000

Library  C:\Programme\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x01780000

Library  C:\Programme\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x017D0000

Library  C:\Programme\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                   0x01860000

Library  C:\Programme\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software)                                                           0x018E0000

Library  C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                 0x01940000

Library  C:\Programme\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                   0x01990000

Library  C:\Programme\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                   0x01BA0000

Library  C:\Programme\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x01BF0000

Library  C:\Programme\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x01C60000

Library  C:\Programme\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                     0x01CE0000

Library  C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                    0x01D00000

Al Coholic

26.11.2009 11:31

GMR - only non MS files [2/2]

Code:

Process  C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP)                                                                                                               456

Library  C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP)                                                                                                               0x00400000
 

Process  C:\WINDOWS\system32\PnkBstrA.exe                                                                                                                               480

Library  C:\WINDOWS\system32\PnkBstrA.exe                                                                                                                               0x00400000
 

Process  C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)                                                                                               692

Library  C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (GrooveShellExtensions Module/Microsoft Corporation)                                                                0x661C0000

Library  C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (GrooveSystemServices Module/Microsoft Corporation)                                                                 0x65E30000

Library  C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.)                                                   0x10000000

Library  C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU                                                                                             0x038E0000

Library  C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL (GrooveMisc Module/Microsoft Corporation)                                                                           0x66B40000
 

Process  C:\WINDOWS\system32\RUNDLL32.EXE (Eine DLL-Datei als Anwendung ausführen/Microsoft Corporation)                                                                956

Library  C:\WINDOWS\system32\NvMcTray.dll (NVIDIA Media Center Library/NVIDIA Corporation)                                                                              0x10000000

Library  C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 190.62 /NVIDIA Corporation)                                                                       0x00CB0000

Library  C:\WINDOWS\system32\NVRSDE.DLL (NVIDIA German language resource library/NVIDIA Corporation)                                                                    0x00EB0000
 

Process  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                           964

Library  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                           0x00400000

Library  C:\Programme\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH)                                                              0x10000000

Library  c:\programme\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH)                                                                        0x00EC0000

Library  c:\programme\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH)                                                            0x01150000

Library  c:\programme\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH)                                                                        0x01170000

Library  c:\programme\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH)                                                              0x011D0000

Library  c:\programme\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                    0x011F0000

Library  c:\programme\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH)                                                                     0x01220000

Library  c:\programme\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH)                                                            0x01270000

Library  c:\programme\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH)                                                                        0x01290000

Library  c:\programme\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH)                                                            0x012D0000

Library  c:\programme\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH)                                                                        0x012F0000
 

Process  C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Acrobat SpeedLauncher/Adobe Systems Incorporated)                                                    972

Library  C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Acrobat SpeedLauncher/Adobe Systems Incorporated)                                                    0x00400000
 

Process  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 190.62/NVIDIA Corporation)                                                              1328

Library  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 190.62/NVIDIA Corporation)                                                              0x00400000

Library  C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 190.62 /NVIDIA Corporation)                                                                       0x00F00000
 

Process  C:\WINDOWS\System32\TUProgSt.exe (TuneUp Program Statistics Service/TuneUp Software)                                                                           1488

Library  C:\WINDOWS\System32\TUProgSt.exe (TuneUp Program Statistics Service/TuneUp Software)                                                                           0x00400000
 

Process  C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                1572

Library  c:\windows\system32\uxtuneup.dll (TuneUp Theme Extension/TuneUp Software)                                                                                      0x55580000
 

Process  C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation)                                                                                  2016

Library  C:\WINDOWS\system32\hpz3l054.dll (LanguageMonitor/Hewlett-Packard Company)                                                                                     0x00C70000

Library  C:\WINDOWS\system32\msonpmon.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation)                                                          0x00C80000

Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll (Hewlett-Packard Corporation)                                                                           0x00DF0000

Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation)                                      0x3F420000

Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation)                                    0x00E20000
 

Process  C:\Dokumente und Einstellungen\Admin\Desktop\ntgior9z.exe                                                                                                      3244

Library  C:\Dokumente und Einstellungen\Admin\Desktop\ntgior9z.exe                                                                                                      0x00400000
 

---- Services - GMER 1.0.15 ----
 

Service  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                  [AUTO] AntiVirSchedulerService

Service  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                        [AUTO] AntiVirService

Service  C:\WINDOWS\system32\DRIVERS\atapi.sys                                                                                                                          [BOOT] atapi

Service  C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                 [SYSTEM] avgio

Service  C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                  [AUTO] avgntflt

Service  C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                         [SYSTEM] avipbb

Service  C:\WINDOWS\system32\drivers\cmigameport.sys                                                                                                                    [MANUAL] cmigameport

Service  C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Audio WDM Driver/C-Media Inc)                                                                                 [MANUAL] cmpci

Service  C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP)                                                                           [MANUAL] HPZid412

Service  C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP)                                                                              [MANUAL] HPZipr12

Service  C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP)                                                                      [MANUAL] HPZius12

Service  C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation)                                        [MANUAL] IDriverT

Service                                                                                                                                                                 MSDTC Bridge 3.0.0.0

Service                                                                                                                                                                 nm

Service  C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia USB Phone Bus Driver/Nokia)                                                                                      [MANUAL] nmwcd

Service  C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia USB Phone Bus Driver/Nokia)                                                                                     [MANUAL] nmwcdc

Service  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 190.62 /NVIDIA Corporation)                                  [MANUAL] nv

Service  C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation)                                                               [MANUAL] NVENETFD

Service  C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation)                                                          [BOOT] nvgts

Service  C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation)                                                                    [MANUAL] nvnetbus

Service  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 190.62/NVIDIA Corporation)                                                              [AUTO] nvsvc

Service                                                                                                                                                                 Outlook

Service  C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (PCCS Mode Change Filter Driver/Nokia)                                                                                [MANUAL] pccsmcfd

Service  C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS (ProDyne DSL Adapter/ProDyne)                                                                                         [MANUAL] PDDSLADP

Service   (ProDyne DSL Handler/ProDyne)                                                                                                                                 [BOOT] PDDSLHND

Service  C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP)                                                                                                               [AUTO] Pml Driver HPZ12

Service  C:\WINDOWS\system32\PnkBstrA.exe                                                                                                                               [AUTO] PnkBstrA

Service  C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                          [MANUAL] Ptilink

Service  C:\WINDOWS\system32\drivers\rootrepeal.sys                                                                                                                     [MANUAL] rootrepeal

Service  C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe                                                                                   [AUTO] RoxLiveShare9

Service  C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)  [MANUAL] Secdrv

Service  C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.)                                                                            [MANUAL] ServiceLayer

Service                                                                                                                                                                 ServiceModelEndpoint 3.0.0.0

Service                                                                                                                                                                 ServiceModelOperation 3.0.0.0

Service                                                                                                                                                                 ServiceModelService 3.0.0.0

Service                                                                                                                                                                 SMSvcHost 3.0.0.0

Service  C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony USB Lower Filter driver/Sony Corporation)                                                                       [MANUAL] SONYPVU1

Service  System32\Drivers\sptd.sys                                                                                                                                      [DISABLED] sptd

Service  C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                      [SYSTEM] ssmdrv

Service                                                                                                                                                                 [MANUAL] StarOpen

Service  C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Drive Defrag Service/TuneUp Software)                                                                      [MANUAL] TuneUp.Defrag

Service  C:\WINDOWS\System32\TUProgSt.exe (TuneUp Program Statistics Service/TuneUp Software)                                                                           [AUTO] TuneUp.ProgramStatisticsSvc

Service  C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Filter Driver for Nokia USB Phone Bus Driver/Nokia)                                                           [MANUAL] upperdev

Service  C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys (Filter Driver for Nokia USB Phone Bus Driver/Nokia)                                                          [MANUAL] UsbserFilt

Service                                                                                                                                                                 Windows Workflow Foundation 3.0.0.0

Service  C:\WINDOWS\system32\DRIVERS\yk51x86.sys (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller/Marvell)                                                [MANUAL] yukonwxp
 

---- EOF - GMER 1.0.15 ----

Alle Zeitangaben in WEZ +1. Es ist jetzt 21:30 Uhr.

Seite 1 von 3

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19