Click.GiftLoad HijackersC (one more)



headking
2011-04-02, 16:21
Hi all

Reading the “Before you Post” thread, I hope to meet all your rules.

Unfortunately I got attacked by a virus, trojan or malware.
Before I found this page I already did some scanning (Stinger, OnlineScanner ESET and Symantec). Now I also know that I made the mistake of turning off System Restore.
Fortunately, until now I haven't run any 'FIXES' (ComboFix etc.).
Currently I can’t find anything except Click.GiftLoad HijackersC (with Spybot).

The only things which I actually "feel" are that I'm not able to reach Windows Update, and a slow system start (no blue screen, no redirected web browsing).

Hope we still have a chance to get the system clean.


DDS Report >>>>

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 12:04:47.96 on 02.04.2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1031.18.2047.1357 [GMT 2:00]
.
AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programme\Tools\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bluewin.ch/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\tools\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programme\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AlcoholAutomount] "d:\programme\tools\alcohol 120\axcmd.exe" /automount
uRun: [SpybotSD TeaTimer] d:\programme\tools\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
uPolicies-explorer: NoActiveDesktop = 00000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\administrator\anwendungsdaten\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\tools\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233350009690
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300835333359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2007-12-24 18208]
R1 SAVRT;SAVRT;c:\programme\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\programme\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-6-18 373568]
R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-5-30 201696]
R2 ccEvtMgr;Symantec Event Manager;c:\programme\gemeinsame dateien\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\programme\gemeinsame dateien\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 ECBatteryDRV;ECBatteryDRV;c:\windows\system32\drivers\ECBatteryDRV.sys [2010-12-31 6144]
R2 ECMonitorDRV;ECMonitorDRV;c:\windows\system32\drivers\ECMonitorDRV.sys [2010-12-31 6144]
R2 ECUtilityDRV;ECUtilityDRV;c:\windows\system32\drivers\ECUtilityDRV.sys [2010-12-31 6144]
R2 HotCPUDRV;HotCPUDRV;c:\windows\system32\drivers\HotCPUDRV.sys [2010-12-31 7240]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\programme\symantec antivirus\Rtvscan.exe [2006-11-27 1836640]
R2 WinBootDRV;WinBootDRV;c:\windows\system32\drivers\WinBootDRV.sys [2010-12-31 7242]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\gemeinsame dateien\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 NAVENG;NAVENG;c:\progra~1\gemein~1\symant~1\virusd~1\20110324.016\naveng.sys [2011-3-25 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\gemein~1\symant~1\virusd~1\20110324.016\navex15.sys [2011-3-25 1360760]
S1 ethxcvhp;ethxcvhp; [x]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 SavRoam;SAVRoam;c:\programme\symantec antivirus\SavRoam.exe [2006-11-27 120416]
S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [2009-2-14 46104]
S3 XDva369;XDva369; [x]
S3 XDva383;XDva383; [x]
.
=============== Created Last 30 ================
.
2011-03-27 21:41:10 -------- dc-h--w- c:\windows\ie8
2011-03-27 11:34:19 -------- d-----w- c:\dokume~1\admini~1\lokale~1\anwend~1\PackageAware
2011-03-26 10:36:10 -------- d-----w- c:\dokume~1\admini~1\lokale~1\anwend~1\Threat Expert
2011-03-25 22:55:29 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\SecTaskMan
2011-03-20 18:45:45 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Spybot - Search & Destroy
2011-03-20 10:23:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-19 12:31:14 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-18 19:49:29 -------- d-----w- c:\programme\ESET
2011-03-17 20:12:51 -------- d-----w- C:\bd_logs
2011-03-12 16:35:20 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-03-12 16:35:19 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-03-12 13:27:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-12 13:27:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-12 13:26:58 -------- d-----w- C:\MRecord
2011-03-08 23:17:06 71880 ----a-w- c:\windows\system32\PxSecure.dll-204976953
.
==================== Find3M ====================
.
2011-02-18 17:36:23 1409 ----a-w- c:\windows\QTFont.for
2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:32 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:10 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BB-75FJA1 rev.14.03G14 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A2BA439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a2c07b8]; MOV EAX, [0x8a2c0834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A33EAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A3C0D58]
\Driver\atapi[0x8A318F38] -> IRP_MJ_CREATE -> 0x8A2BA439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD400BB-75FJA1______________________14.03G14#4457572d4143434a303234313634203420202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2BA27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:06:20.56 ===============


Spybot results >>>>

Click.GiftLoad: [SBI $89783858] Benutzereinstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Log: Activity: SchedLgU.Txt (Datei sichern, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Datei sichern, nothing done)
C:\WINDOWS\imsins.log

Log: Install: comsetup.log (Datei sichern, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Datei sichern, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupapi.log (Datei sichern, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Datei sichern, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Datei sichern, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Datei sichern, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Datei sichern, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Internet Explorer: [SBI $FF589D0C] Download directory (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Internet Explorer\Download Directory

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registrierungsdatenbank-Änderung, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registrierungsdatenbank-Änderung, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Office 10.0: [SBI $65F660A1] Internet history (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Office\10.0\Common\Internet\UseRWHlinkNavigation

MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Office\10.0\Word\Data\Settings

MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Search Assistant\ACMru

Windows: [SBI $1E4E2003] Drivers installation paths (Registrierungsdatenbank-Änderung, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $AA0766B5] Stream history (7 Dateien) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 Dateien) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (24 Dateien) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (2 Dateien) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-03-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


I look forward to any help that can be offered.

Thank you in advance. Regards
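
As an added example (not code from this thread, from DDS, or from GMER), the following Python helper pulls out of a DDS report the indicators a reviewer looks at before calling a rootkit: the >>UNKNOWN<< module in the disk trace, the DriverStartIo hook on \Driver\atapi, the scanner's own "Warning:" line, and services DDS marks with [x] (no binary on disk). The SAMPLE_DDS excerpt is constructed from the report above; the function names and the Service class are my own.

```python
"""Triage helper for a DDS report (added example; not code from the thread,
the DDS tool, or GMER). Extracts the evidence a reviewer weighs first:
the UNKNOWN module in the disk trace, the DriverStartIo hook on \\Driver\\atapi,
the scanner's warning line, and services whose binary DDS marks as missing."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt constructed from the DDS report in the post above, used as test input.
SAMPLE_DDS = """\
============= SERVICES / DRIVERS ===============
.
R0 hotcore;hotcore;c:\\windows\\system32\\drivers\\hotcore.sys [2007-12-24 18208]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\\programme\\symantec antivirus\\Rtvscan.exe [2006-11-27 1836640]
S1 ethxcvhp;ethxcvhp; [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 XDva369;XDva369; [x]
.
=================== ROOTKIT ====================
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A2BA439]<<
1 nt!IofCallDriver[0x804E37D5] -> \\Device\\Harddisk0\\DR0[0x8A33EAB8]
\\Driver\\atapi[0x8A318F38] -> IRP_MJ_CREATE -> 0x8A2BA439
kernel: MBR read successfully
detected hooks:
\\Driver\\atapi DriverStartIo -> 0x8A2BA27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 12:06:20.56 ===============
"""


@dataclass
class Service:
    state: str            # DDS prefix: R = running, S = stopped; digit = start type
    name: str
    display: str
    path: Optional[str]   # None when DDS prints "[x]": no binary found on disk

    @property
    def missing(self) -> bool:
        return self.path is None


SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+(\w+)\s+->\s+(0x[0-9A-Fa-f]+)")
WARNING_RE = re.compile(r"^Warning:\s*(.*)$")


def section(report: str, header: str) -> List[str]:
    """Return the lines between the '=== header ===' banner and the next banner."""
    out, inside = [], False
    for line in report.splitlines():
        if line.startswith("=") and header in line:
            inside = True
            continue
        if inside and line.startswith("="):
            break
        if inside and line.strip() not in ("", "."):
            out.append(line)
    return out


def parse_services(report: str) -> List[Service]:
    """Parse the SERVICES / DRIVERS section into Service records."""
    services = []
    for line in section(report, "SERVICES / DRIVERS"):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        # "[x]" means DDS found no file; otherwise strip the "[date size]" suffix.
        path = None if rest == "[x]" else rest.split(" [", 1)[0]
        services.append(Service(m.group("state"), m.group("name"), m.group("display"), path))
    return services


def rootkit_indicators(report: str) -> List[Tuple[str, str]]:
    """Collect (kind, detail) pairs from the ROOTKIT section."""
    findings, in_hooks = [], False
    for line in section(report, "ROOTKIT"):
        if line.startswith("detected hooks:"):
            in_hooks = True
            continue
        m = UNKNOWN_RE.search(line)
        if m:  # an unnamed module sitting in the disk I/O path
            findings.append(("unknown_module_in_disk_trace", m.group(1)))
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                findings.append(("driver_hook", f"{m.group(1)} {m.group(2)} -> {m.group(3)}"))
            else:
                in_hooks = False  # hook list ended
        m = WARNING_RE.match(line)
        if m:
            findings.append(("scanner_warning", m.group(1).strip()))
    return findings


def triage(report: str) -> dict:
    """Summarise the report: verdict, rootkit indicators, services with no binary."""
    indicators = rootkit_indicators(report)
    missing = [s.name for s in parse_services(report) if s.missing]
    return {
        "verdict": "rootkit suspected" if indicators else "no rootkit indicators",
        "indicators": indicators,
        # Services with no binary are often leftovers of uninstalled tools;
        # treat the list as a lead to check, not as a verdict.
        "services_without_binary": missing,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```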

ken545
2011-04-03, 23:43


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


You're infected with a Rootkit


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if malicious objects are found, ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

headking
2011-04-04, 19:18
Hello Ken!
I'm happy to "hear" you.

Here, as you wished, is the log file.

2011/04/04 18:30:51.0421 3964 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 18:30:51.0453 3964 ================================================================================
2011/04/04 18:30:51.0453 3964 SystemInfo:
2011/04/04 18:30:51.0453 3964
2011/04/04 18:30:51.0453 3964 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/04 18:30:51.0453 3964 Product type: Workstation
2011/04/04 18:30:51.0453 3964 ComputerName: SIEGENTH-185917
2011/04/04 18:30:51.0453 3964 UserName: Administrator
2011/04/04 18:30:51.0453 3964 Windows directory: C:\WINDOWS
2011/04/04 18:30:51.0453 3964 System windows directory: C:\WINDOWS
2011/04/04 18:30:51.0453 3964 Processor architecture: Intel x86
2011/04/04 18:30:51.0453 3964 Number of processors: 1
2011/04/04 18:30:51.0453 3964 Page size: 0x1000
2011/04/04 18:30:51.0453 3964 Boot type: Normal boot
2011/04/04 18:30:51.0453 3964 ================================================================================
2011/04/04 18:30:52.0281 3964 Initialize success
2011/04/04 18:33:45.0531 0612 ================================================================================
2011/04/04 18:33:45.0531 0612 Scan started
2011/04/04 18:33:45.0531 0612 Mode: Manual;
2011/04/04 18:33:45.0531 0612 ================================================================================
2011/04/04 18:33:46.0109 0612 acedrv09 (bd4e8c841716d5f2804ce000cfe61524) C:\WINDOWS\system32\drivers\acedrv09.sys
2011/04/04 18:33:46.0250 0612 acehlp09 (7b19e528f2f40524e2c40f754a571eb8) C:\WINDOWS\system32\drivers\acehlp09.sys
2011/04/04 18:33:46.0390 0612 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/04 18:33:46.0546 0612 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/04 18:33:46.0750 0612 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/04/04 18:33:46.0843 0612 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/04 18:33:46.0984 0612 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/04 18:33:47.0125 0612 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/04 18:33:48.0000 0612 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/04/04 18:33:48.0125 0612 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
2011/04/04 18:33:48.0281 0612 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys
2011/04/04 18:33:48.0453 0612 ASUSVRC (94442e3029ff6c9f08140fe6718af4fb) C:\WINDOWS\system32\DRIVERS\AsusVRC.sys
2011/04/04 18:33:48.0531 0612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/04 18:33:48.0703 0612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/04 18:33:49.0015 0612 ati2mtag (2f24aff9e8409821aafa005d3706b583) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/04 18:33:49.0203 0612 AtiHdmiService (1e82f05cff41316bcaa513909d99a004) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2011/04/04 18:33:49.0359 0612 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/04 18:33:49.0500 0612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/04 18:33:49.0625 0612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/04 18:33:49.0781 0612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/04 18:33:49.0875 0612 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/04 18:33:50.0078 0612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/04 18:33:50.0203 0612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/04 18:33:50.0359 0612 Cdr4_xp (658cdea65fffac193482e10407e45da1) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/04/04 18:33:50.0500 0612 Cdralw2k (6123da1ec51f4f016554535b88befbf6) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/04/04 18:33:50.0625 0612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/04 18:33:50.0781 0612 cdudf_xp (8c7746acde6225a46b58ed7ae09ec166) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/04/04 18:33:50.0953 0612 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/04/04 18:33:51.0437 0612 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2011/04/04 18:33:51.0812 0612 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/04 18:33:51.0921 0612 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/04 18:33:52.0109 0612 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/04 18:33:52.0265 0612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/04 18:33:52.0437 0612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/04 18:33:52.0656 0612 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/04 18:33:52.0765 0612 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2011/04/04 18:33:52.0921 0612 dvd_2K (800de2dfa19db3fd87aa95308ba0c17b) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/04/04 18:33:53.0093 0612 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/04/04 18:33:53.0250 0612 ECBatteryDRV (36858cc61f89763251a2db897e41e547) C:\WINDOWS\system32\drivers\ECBatteryDRV.sys
2011/04/04 18:33:53.0328 0612 ECMonitorDRV (8ab2829b911eeaa7f954a915c88ada4f) C:\WINDOWS\system32\drivers\ECMonitorDRV.sys
2011/04/04 18:33:53.0484 0612 ECUtilityDRV (11a430dd5d17b2587093dbe6b6abf564) C:\WINDOWS\system32\drivers\ECUtilityDRV.sys
2011/04/04 18:33:53.0671 0612 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/04 18:33:53.0843 0612 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys
2011/04/04 18:33:54.0000 0612 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2011/04/04 18:33:54.0140 0612 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2011/04/04 18:33:54.0250 0612 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/04 18:33:54.0468 0612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/04 18:33:54.0609 0612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/04 18:33:54.0703 0612 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/04 18:33:54.0859 0612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/04 18:33:55.0015 0612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/04 18:33:55.0187 0612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/04 18:33:55.0359 0612 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/04 18:33:55.0515 0612 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/04/04 18:33:55.0593 0612 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/04/04 18:33:55.0765 0612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/04 18:33:55.0937 0612 hamachi (2deb17cfff838cd3091753269959687b) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/04/04 18:33:56.0109 0612 hcmon (f835915ddff5a97d1212cd30eff91324) C:\WINDOWS\system32\Drivers\hcmon.sys
2011/04/04 18:33:56.0265 0612 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/04 18:33:56.0437 0612 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/04 18:33:56.0609 0612 hotcore (18ccafbf84b23c0da0f1ab46847f6c0b) C:\WINDOWS\system32\drivers\hotcore.sys
2011/04/04 18:33:56.0796 0612 HotCPUDRV (9a841ad01ad9d11899f2c8117583c547) C:\WINDOWS\system32\drivers\HotCPUDRV.sys
2011/04/04 18:33:57.0031 0612 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2011/04/04 18:33:57.0203 0612 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2011/04/04 18:33:57.0390 0612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/04 18:33:57.0734 0612 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/04 18:33:57.0890 0612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2011/04/04 18:33:58.0375 0612 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/04 18:33:58.0453 0612 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/04 18:33:58.0625 0612 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/04 18:33:58.0796 0612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/04 18:33:58.0937 0612 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/04 18:33:59.0078 0612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/04 18:33:59.0250 0612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/04 18:33:59.0390 0612 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/04/04 18:33:59.0546 0612 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/04 18:33:59.0640 0612 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/04 18:33:59.0812 0612 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/04 18:33:59.0968 0612 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/04 18:34:00.0062 0612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/04 18:34:00.0203 0612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/04 18:34:00.0375 0612 L8042PR2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\Drivers\l8042pr2.sys
2011/04/04 18:34:00.0734 0612 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2011/04/04 18:34:00.0875 0612 LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2011/04/04 18:34:01.0046 0612 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\Drivers\LMouFlt2.sys
2011/04/04 18:34:01.0187 0612 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/04 18:34:01.0281 0612 mmc_2K (0a35ad036de912858a1c5e9637840724) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/04/04 18:34:01.0437 0612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/04 18:34:01.0593 0612 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/04 18:34:01.0734 0612 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/04 18:34:01.0875 0612 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/04 18:34:01.0953 0612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/04 18:34:02.0187 0612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/04 18:34:02.0343 0612 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/04 18:34:02.0515 0612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/04 18:34:02.0625 0612 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
2011/04/04 18:34:02.0765 0612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/04 18:34:02.0937 0612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/04 18:34:03.0015 0612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/04 18:34:03.0187 0612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/04 18:34:03.0343 0612 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/04 18:34:03.0515 0612 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/04 18:34:03.0671 0612 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/04 18:34:03.0843 0612 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20110324.016\naveng.sys
2011/04/04 18:34:03.0953 0612 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20110324.016\navex15.sys
2011/04/04 18:34:04.0125 0612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/04 18:34:04.0265 0612 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/04 18:34:04.0343 0612 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/04 18:34:04.0515 0612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/04 18:34:04.0656 0612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/04 18:34:04.0843 0612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/04 18:34:04.0984 0612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/04 18:34:05.0140 0612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/04 18:34:05.0312 0612 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/04/04 18:34:05.0390 0612 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/04/04 18:34:05.0546 0612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/04 18:34:05.0718 0612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/04 18:34:05.0906 0612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/04 18:34:06.0046 0612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/04 18:34:06.0187 0612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/04 18:34:06.0265 0612 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/04 18:34:06.0406 0612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/04 18:34:06.0484 0612 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/04 18:34:06.0640 0612 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/04/04 18:34:06.0734 0612 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/04 18:34:06.0968 0612 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/04/04 18:34:07.0125 0612 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/04 18:34:07.0968 0612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/04 18:34:08.0046 0612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/04 18:34:08.0203 0612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/04 18:34:08.0296 0612 pwd_2k (1840112f3f3b7ece84dbbd93a70c4135) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/04/04 18:34:08.0968 0612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/04 18:34:09.0093 0612 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/04/04 18:34:09.0218 0612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/04 18:34:09.0375 0612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/04 18:34:09.0453 0612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/04 18:34:09.0609 0612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/04 18:34:09.0750 0612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/04 18:34:09.0875 0612 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/04 18:34:10.0062 0612 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/04 18:34:10.0218 0612 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/04 18:34:10.0359 0612 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Programme\Symantec AntiVirus\savrt.sys
2011/04/04 18:34:10.0406 0612 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Programme\Symantec AntiVirus\Savrtpel.sys
2011/04/04 18:34:10.0578 0612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/04 18:34:10.0718 0612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/04 18:34:10.0859 0612 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/04 18:34:11.0031 0612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/04 18:34:11.0187 0612 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2011/04/04 18:34:11.0406 0612 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/04 18:34:11.0578 0612 smwdm (3a11abb30c6a64173f99c8c42e76827c) C:\WINDOWS\system32\drivers\smwdm.sys
2011/04/04 18:34:11.0859 0612 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/04 18:34:12.0031 0612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/04 18:34:12.0203 0612 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/04 18:34:12.0203 0612 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/04 18:34:12.0218 0612 sptd - detected Locked file (1)
2011/04/04 18:34:12.0359 0612 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/04 18:34:12.0531 0612 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/04 18:34:12.0687 0612 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/04 18:34:12.0781 0612 STUSB2Ir (16cbe6445c9e7451ad17ad6ed6e66933) C:\WINDOWS\system32\DRIVERS\stusb2ir.sys
2011/04/04 18:34:12.0953 0612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/04 18:34:13.0109 0612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/04 18:34:13.0390 0612 SymEvent (de6d1102d55926354171ae4e73936725) C:\Programme\Symantec\SYMEVENT.SYS
2011/04/04 18:34:13.0531 0612 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/04/04 18:34:13.0609 0612 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/04/04 18:34:13.0953 0612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/04 18:34:14.0109 0612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/04 18:34:14.0250 0612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/04 18:34:14.0343 0612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/04 18:34:14.0484 0612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/04 18:34:14.0734 0612 UdfReadr_xp (e1b5bfba7f1cde1fc28934639e83b3cf) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/04/04 18:34:14.0875 0612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/04 18:34:15.0062 0612 UnlockerDriver5 (4847639d852763ee39415c929470f672) D:\Programme\Tools\Unlocker\UnlockerDriver5.sys
2011/04/04 18:34:15.0156 0612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/04 18:34:15.0328 0612 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/04/04 18:34:15.0437 0612 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/04 18:34:15.0578 0612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/04 18:34:15.0734 0612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/04 18:34:15.0890 0612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/04 18:34:16.0062 0612 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/04 18:34:16.0203 0612 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/04/04 18:34:16.0359 0612 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/04/04 18:34:16.0515 0612 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/04 18:34:16.0671 0612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/04 18:34:16.0828 0612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/04 18:34:17.0156 0612 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
2011/04/04 18:34:17.0265 0612 VMnetAdapter (d15ef095acfb12ee7acb8c6198e1c1a1) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
2011/04/04 18:34:17.0421 0612 VMnetBridge (e480ddf1191d462489fe50f24911e3a1) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
2011/04/04 18:34:17.0593 0612 VMnetuserif (53449800df117a046e73dd6dcf030ab0) C:\WINDOWS\system32\drivers\vmnetuserif.sys
2011/04/04 18:34:17.0765 0612 VMparport (d692fa28ec331634cb2115d085d2aa17) C:\WINDOWS\system32\Drivers\VMparport.sys
2011/04/04 18:34:17.0953 0612 vmx86 (f6da0588b051036f6d2e190965cc15e5) C:\WINDOWS\system32\Drivers\vmx86.sys
2011/04/04 18:34:18.0125 0612 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/04 18:34:18.0234 0612 vstor2 (99d7010cd019ea359e21d05c3ca440f4) C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys
2011/04/04 18:34:18.0390 0612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/04 18:34:18.0562 0612 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/04 18:34:18.0781 0612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/04 18:34:18.0968 0612 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2011/04/04 18:34:19.0171 0612 WinBootDRV (b2a6156eda80c20f81a691b13fc3dc32) C:\WINDOWS\system32\drivers\WinBootDRV.sys
2011/04/04 18:34:19.0390 0612 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/04 18:34:19.0562 0612 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/04 18:34:19.0734 0612 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/04 18:34:19.0906 0612 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/04 18:34:20.0093 0612 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/04 18:34:20.0390 0612 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/04 18:34:20.0390 0612 ================================================================================
2011/04/04 18:34:20.0390 0612 Scan finished
2011/04/04 18:34:20.0390 0612 ================================================================================
2011/04/04 18:34:20.0421 1584 Detected object count: 2
2011/04/04 18:46:49.0250 1584 Locked file(sptd) - User select action: Skip
2011/04/04 18:46:49.0296 1584 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/04 18:46:49.0312 1584 \HardDisk1 - ok
2011/04/04 18:46:49.0312 1584 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/04/04 18:51:28.0796 3956 Deinitialize success


Regards, looking forward to "hearing" from you again. Thank you!

Headking

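The posted TDSSKiller log is mostly a per-driver hash list, and the only real detection in it is on a disk object (\HardDisk1), not on a file: a TDL4-class bootkit lives in the MBR and in unpartitioned sectors, so every driver line can carry a clean hash while the disk is still infected. The parser below is an added example, not part of the original post and not code from TDSSKiller itself. It pulls the three line shapes out of a log in this format (driver entries, "detected" lines and "Suspicious file" lines), separates disk-level detections from file-level ones, and flags drivers loaded from outside system32 whose hash is not in a baseline. The sample log and the baseline are constructed for the example; `parse_tdsskiller`, `triage`, `is_disk_object` and the regex names are this example's own. One caveat the log's "Locked file" entry illustrates: sptd.sys is the SCSI Pass Through Direct driver installed by disc-emulation software such as DAEMON Tools and Alcohol 120%, and it blocks reads of itself by design, so a NoAccess result on it is expected rather than evidence of infection; confirm the hash with the vendor rather than deleting the file.

```python
import re
from dataclasses import dataclass

# Line shapes found in a TDSSKiller log: a timestamp and thread id, then one of
#   <name> (<md5>) <path>                          -- one loaded driver
#   <object> - detected <verdict> (<n>)            -- a detection; object may be a disk such as \HardDisk1
#   Suspicious file (<reason>): <path>. md5: <md5> -- a file the scanner could not read normally
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
DETECT_RE = re.compile(PREFIX + r"(?P<obj>\S+) - detected (?P<verdict>.+?) \(\d+\)\s*$")
SUSP_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})\s*$")


@dataclass(frozen=True)
class Driver:
    name: str
    md5: str
    path: str


@dataclass(frozen=True)
class Detection:
    obj: str
    verdict: str


def parse_tdsskiller(text):
    """Split a TDSSKiller-format log into driver entries, detections and suspicious (unreadable) files."""
    drivers, detections, suspicious = [], [], {}
    for line in text.splitlines():
        if m := SUSP_RE.match(line):
            suspicious[m["path"]] = (m["reason"], m["md5"])
        elif m := DETECT_RE.match(line):
            detections.append(Detection(m["obj"], m["verdict"]))
        elif m := DRIVER_RE.match(line):
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
    return drivers, detections, suspicious


def is_disk_object(obj):
    """Disk-level objects are named with a leading backslash (\\HardDisk1); file-level ones by driver name."""
    return obj.startswith("\\")


def triage(drivers, detections, suspicious, known_good_md5s):
    """Reduce the parsed log to the items a responder has to act on, disk-level detections first."""
    findings = []
    for d in detections:
        if is_disk_object(d.obj):
            findings.append(f"{d.obj}: {d.verdict} lives in disk sectors (MBR / unpartitioned space), "
                            "so no driver hash in the log will show it; verify the MBR and the disk tail directly")
        else:
            findings.append(f"{d.obj}: {d.verdict}")
    for path, (reason, md5) in suspicious.items():
        findings.append(f"{path}: unreadable ({reason}), md5 {md5}; check the hash with the vendor before acting")
    for drv in drivers:
        if drv.md5 in known_good_md5s:
            continue
        if not drv.path.upper().startswith(r"C:\WINDOWS\SYSTEM32"):
            findings.append(f"{drv.name}: driver outside system32 at {drv.path}, md5 {drv.md5} not in baseline")
    return findings


# Constructed sample: a few lines in the shape of the posted log (values taken from it, order preserved).
SAMPLE_LOG = r"""2011/04/04 18:34:05.0718 0612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/04 18:34:12.0203 0612 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/04 18:34:12.0203 0612 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/04 18:34:12.0218 0612 sptd - detected Locked file (1)
2011/04/04 18:34:14.0109 0612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/04 18:34:15.0062 0612 UnlockerDriver5 (4847639d852763ee39415c929470f672) D:\Programme\Tools\Unlocker\UnlockerDriver5.sys
2011/04/04 18:34:20.0390 0612 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/04 18:34:20.0390 0612 ================================================================================
2011/04/04 18:34:20.0390 0612 Scan finished
2011/04/04 18:34:20.0421 1584 Detected object count: 2
2011/04/04 18:46:49.0250 1584 Locked file(sptd) - User select action: Skip
2011/04/04 18:46:49.0296 1584 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

if __name__ == "__main__":
    drivers, detections, suspicious = parse_tdsskiller(SAMPLE_LOG)
    # Constructed baseline: only the Ntfs hash is treated as known-good here.
    for finding in triage(drivers, detections, suspicious, {"78a08dd6a8d65e697c18e1db01c5cdca"}):
        print(finding)
```

Run it against a full log saved from TDSSKiller and a baseline of hashes taken from a known-clean install of the same Windows build; the point is that the baseline comparison only covers the file-level entries, and a disk-level verdict such as the one on \HardDisk1 has to be followed up by reading the MBR and the unpartitioned tail of the disk rather than by hashing drivers.
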
ken545
2011-04-04, 19:48
Can you run these scans and post the logs, please?

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) (511 KB) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrscan.gif
Click the "Scan" button to start scan


http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrsavelog.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

headking
2011-04-04, 23:13
aswMBR.txt >>>

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-04 21:55:47
-----------------------------
21:55:47.781 OS Version: Windows 5.1.2600 Service Pack 3
21:55:47.781 Number of processors: 1 586 0x209
21:55:47.781 ComputerName: SIEGENTH-185917 UserName: Administrator
21:55:48.156 Initialize success
21:58:35.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:58:35.703 Disk 0 Vendor: WDC_WD400BB-75FJA1 14.03G14 Size: 38146MB BusType: 3
21:58:35.703 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
21:58:35.703 Disk 1 Vendor: WDC_WD5000AAKB-00YSA0 12.01C02 Size: 476940MB BusType: 3
21:58:35.718 Disk 0 MBR read error
21:58:35.718 Disk 0 MBR scan
21:58:35.718 MBR BIOS signature not found 0
21:58:35.718 Disk 0 scanning sectors +78108030
21:58:35.718 Disk 0 scanning C:\WINDOWS\system32\drivers
21:58:44.312 Service scanning
21:58:45.312 Disk 0 trace - called modules:
21:58:45.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spcp.sys hal.dll >>UNKNOWN [0x8a384938]<<
21:58:45.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2f3ab8]
21:58:45.312 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a31ad98]
21:58:45.875 Scan finished successfully

Extras.txt >>>

OTL Extras logfile created on: 04.04.2011 22:23:02 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.24 Gb Total Space | 20.65 Gb Free Space | 55.43% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 211.68 Gb Free Space | 72.25% Space Free | Partition Type: NTFS

Computer Name: SIEGENTH-185917 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\Programme\Spiele\FIFA 09\FIFA09.exe" = D:\Programme\Spiele\FIFA 09\FIFA09.exe:*:Enabled:FIFA09 -- ()
"D:\Programme\Spiele\Praetorians\Praetorians.exe" = D:\Programme\Spiele\Praetorians\Praetorians.exe:*:Enabled:Praetorians -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\Programme\Spiele\Empire Earth\Empire Earth.exe" = D:\Programme\Spiele\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0930F613-9331-972C-F07F-3E795214E65F}" = CCC Help Korean
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1B372CF9-7C2E-003C-3D90-37ACC8E41DA9}" = ccc-core-static
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1FC05942-BA18-BF55-DDF1-2978CEA4F009}" = CCC Help Finnish
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{2F7A7614-FB96-A328-8974-D234FA12B7A1}" = CCC Help Russian
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39165CF8-0ACA-451F-B1F6-6FB60EB09B00}_is1" = Copy-Discovery 2000 2.06
"{3DBD33CF-E905-7E8C-7FBF-BD80FFD71031}" = Nero 7 Demo
"{3DC91D8B-0C19-4D67-930B-D0AAD2009632}" = Startup Control Panel
"{40444C12-5D96-90CF-03B8-068BD23BFF1A}" = CCC Help Swedish
"{45E2473A-E45E-77AE-5049-8F55DF241E1C}" = CCC Help Czech
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA0E562-0E5B-DA6C-BC7B-37727786037B}" = CCC Help Dutch
"{59FBD7A0-A5C8-22DC-A0FF-23236A5B0E1F}" = CCC Help Japanese
"{5D6E0656-C386-C2D2-3A8A-B2E0B74E8749}" = CCC Help Italian
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{770CE596-F3A5-D2F4-630A-6F4C0FBDACC2}" = CCC Help Chinese Traditional
"{7A0A5F8C-0526-F9EA-DA9C-ED2D41D5901E}" = CCC Help Hungarian
"{7A1EAF98-AF57-2766-0B12-8105A3514B06}" = Catalyst Control Center Core Implementation
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7C29753D-CC92-17A7-EAA4-75529E5DBFBF}" = CCC Help Norwegian
"{7EC3589A-E496-ABC4-1E48-5EB0502D95DE}" = ccc-core-preinstall
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{90150409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002
"{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{98D1A713-438C-4A23-8AB6-41B37C4A2D47}" = VMware Workstation
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{999966B1-86A7-8A36-2242-8E0EAFC57C8B}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8B2F6F7-F6D3-24D6-1A55-050152EA8D29}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{ABD242CD-998F-4145-DF05-AFEB9FBD5CCD}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{AD1EE65D-00BC-94F4-327F-91204818FC51}" = CCC Help German
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B426AB74-536F-2AC2-5447-42D9F9374674}" = ccc-utility
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{B8B63367-FCA7-C7A1-CB00-A1449CD80D0F}" = CCC Help French
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1BADED6-3D01-F0FF-D671-8D75D3FE2FD7}" = Catalyst Control Center Localization All
"{C230687B-745A-34FB-C501-543686AFD42B}" = CCC Help Greek
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CBFEF652-FFC7-21AF-4984-50BA980DA73E}" = CCC Help Spanish
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD780B1C-23B1-1BA8-6F9B-CDCCFB88AFF9}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0517921-0CC8-5EBE-4F44-F3AD4DA41CF6}" = CCC Help Danish
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D81CEF26-01DA-4D23-4616-BC5A0E08DE05}" = CCC Help English
"{D8A21278-116D-DA21-1556-74EDAD5C48B2}" = Skins
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{D8EB271A-5063-2939-8411-B11404A7FB00}" = CCC Help Chinese Standard
"{EA7D8FBB-74EA-97D4-AF61-E8BEFC27E3A8}" = CCC Help Polish
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F79480EA-CD65-50BF-951F-95A39399857C}" = CCC Help Thai
"{F7F275A8-3B77-5723-DCBD-D4D1785D0CF7}" = CCC Help Portuguese
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1)
"CDex" = CDex extraction audio
"Copy Profiler" = Copy Profiler 6 Beta 3
"Dkill95" = Dkill95
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"DVD43_is1" = DVD43 v3.9.0
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.0.3.0
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"EW : Cossacks" = EW : Cossacks
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"MadOnion.com/3DMark2000" = MadOnion.com/3DMark2000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PROSet" = Intel(R) PRO Network Connections Drivers
"ProtectDisc Driver" = ProtectDisc Helper Driver
"Security Task Manager" = Security Task Manager 1.8c
"SnagIt6" = SnagIt 6
"Total Uninstall_is1" = Total Uninstall 2.10
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.1.7
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO_is1" = WinISO 5.3
"WinZip" = WinZip
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.8.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.03.2011 01:15:10 | Computer Name = SIEGENTH-185917 | Source = sdCoreService | ID = 0
Description =

Error - 27.03.2011 01:34:45 | Computer Name = SIEGENTH-185917 | Source = sdCoreService | ID = 0
Description =

Error - 27.03.2011 01:36:25 | Computer Name = SIEGENTH-185917 | Source = pctsSvc.exe | ID = 0
Description =

Error - 27.03.2011 16:48:42 | Computer Name = SIEGENTH-185917 | Source = Application Error | ID = 1000
Description = Faulting application dmcr.exe, version 1.0.0.1, faulting module
dmcr.exe, version 1.0.0.1, fault address 0x000024a4.

Error - 27.03.2011 17:37:00 | Computer Name = SIEGENTH-185917 | Source = Userenv | ID = 1041
Description = The DllName registry entry for "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
could not be retrieved and therefore could not be loaded. This was probably
caused by a faulty registration.

Error - 27.03.2011 17:37:00 | Computer Name = SIEGENTH-185917 | Source = Userenv | ID = 1041
Description = The DllName registry entry for "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
could not be retrieved and therefore could not be loaded. This was probably
caused by a faulty registration.

Error - 27.03.2011 17:37:01 | Computer Name = SIEGENTH-185917 | Source = Userenv | ID = 1041
Description = The DllName registry entry for "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
could not be retrieved and therefore could not be loaded. This was probably
caused by a faulty registration.

Error - 27.03.2011 17:37:01 | Computer Name = SIEGENTH-185917 | Source = Userenv | ID = 1041
Description = The DllName registry entry for "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
could not be retrieved and therefore could not be loaded. This was probably
caused by a faulty registration.

Error - 02.04.2011 07:19:29 | Computer Name = SIEGENTH-185917 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6612.0, faulting module
msb1core.dll, version 1.0.2223.1, fault address 0x0000ec19.

Error - 02.04.2011 10:59:54 | Computer Name = SIEGENTH-185917 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6612.0, faulting module
winword.exe, version 10.0.6612.0, fault address 0x0016996f.

[ System Events ]
Error - 03.04.2011 04:19:50 | Computer Name = SIEGENTH-185917 | Source = DCOM | ID = 10010
Description = The server "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}" could not be
registered with DCOM within the required time period.

Error - 03.04.2011 04:20:21 | Computer Name = SIEGENTH-185917 | Source = DCOM | ID = 10010
Description = The server "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}" could not be
registered with DCOM within the required time period.

Error - 03.04.2011 07:45:25 | Computer Name = SIEGENTH-185917 | Source = Wechselmediendienst | ID = 262255
Description = The Removable Storage service could not load the media in drive Drive 0 of
library USB DISK 2.0 USB Device.

Error - 03.04.2011 07:45:27 | Computer Name = SIEGENTH-185917 | Source = Wechselmediendienst | ID = 262255
Description = The Removable Storage service could not load the media in drive Drive 0 of
library USB DISK 2.0 USB Device.

Error - 03.04.2011 08:38:36 | Computer Name = SIEGENTH-185917 | Source = Wechselmediendienst | ID = 262255
Description = The Removable Storage service could not load the media in drive Drive 0 of
library USB DISK 2.0 USB Device.

Error - 03.04.2011 08:38:37 | Computer Name = SIEGENTH-185917 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek USB DISK 2.0 USB Device nicht laden.

Error - 04.04.2011 11:49:54 | Computer Name = SIEGENTH-185917 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 04.04.2011 11:51:23 | Computer Name = SIEGENTH-185917 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek USB DISK 2.0 USB Device nicht laden.

Error - 04.04.2011 11:51:31 | Computer Name = SIEGENTH-185917 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek USB DISK 2.0 USB Device nicht laden.

Error - 04.04.2011 11:52:53 | Computer Name = SIEGENTH-185917 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.


< End of report >

headking
2011-04-04, 23:16
OTL.Txt >>>

OTL logfile created on: 04.04.2011 22:23:02 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.24 Gb Total Space | 20.65 Gb Free Space | 55.43% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 211.68 Gb Free Space | 72.25% Space Free | Partition Type: NTFS

Computer Name: SIEGENTH-185917 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.26 14:26:06 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006.11.27 16:24:20 | 000,126,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\VPTray.exe
PRC - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe
PRC - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\DefWatch.exe
PRC - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.11.27 16:22:04 | 000,120,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2006.09.08 15:47:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006.08.07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2010.12.17 11:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110324.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.12.17 11:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110324.016\NAVENG.SYS -- (NAVENG)
DRV - [2010.08.19 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.07.04 14:21:12 | 000,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.05.28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.16 00:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.04.01 08:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.27 19:24:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.29 17:20:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.07.29 17:20:58 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008.07.29 17:20:54 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.26 14:27:40 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative-SoundFont-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:14 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2008.01.26 14:26:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative-Schnittstellen-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:00 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2007.12.17 14:14:29 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2007.12.17 14:14:29 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2007.12.17 14:14:29 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2007.12.17 14:14:29 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007.12.17 14:14:29 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2007.12.17 14:14:29 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007.12.17 14:14:29 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.11.13 14:01:38 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2006.11.13 14:01:34 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2006.11.13 14:01:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006.11.13 14:01:28 | 000,102,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2006.11.13 14:01:26 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2006.11.13 14:00:46 | 000,016,176 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2006.11.13 13:43:56 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006.09.18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.09.06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.09.06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006.08.07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.08.07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006.04.11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.10.21 09:04:22 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2004.05.28 07:22:24 | 000,046,104 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stusb2ir.sys -- (STUSB2Ir)
DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003.12.17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.03.19 08:37:12 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys -- (ECBatteryDRV)
DRV - [2003.01.29 05:03:56 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys -- (ECUtilityDRV)
DRV - [2003.01.29 05:03:46 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys -- (ECMonitorDRV)
DRV - [2003.01.29 05:03:00 | 000,007,240 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys -- (HotCPUDRV)
DRV - [2003.01.29 05:02:06 | 000,007,242 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\WinBootDRV.sys -- (WinBootDRV)
DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.03.24 13:56:46 | 000,431,749 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14861 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programme\Tools\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233350009690 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300835333359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.17 13:25:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.04 21:40:29 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 21:40:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.02 11:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.04.02 10:22:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.03.27 23:41:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.03.27 13:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2011.03.26 12:36:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.03.26 12:00:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.03.26 00:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.03.26 00:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2011.03.24 14:22:56 | 000,952,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2011.03.20 20:45:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.03.20 20:45:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.03.20 12:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.03.20 12:26:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.03.20 12:23:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.03.20 12:23:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.03.19 14:31:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:49:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.03.17 22:12:51 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011.03.12 18:35:20 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011.03.12 18:35:19 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011.03.12 15:26:58 | 000,000,000 | ---D | C] -- C:\MRecord
[2011.03.10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:17:06 | 000,071,880 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953
[2011.03.06 17:50:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2011.03.06 16:35:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My ISO Files
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.04 21:59:44 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.04 21:27:18 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 19:54:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.04 19:41:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.04.04 18:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.04 18:52:52 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.02 11:53:30 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.02 10:22:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.04.02 10:03:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.02 00:59:07 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT Task.vbs
[2011.04.02 00:22:03 | 000,000,082 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011.03.28 23:10:36 | 000,625,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.27 10:46:07 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.03.27 07:43:38 | 000,451,582 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.27 07:43:38 | 000,435,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.27 07:43:38 | 000,081,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.27 07:43:38 | 000,068,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.26 16:07:59 | 000,002,453 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft PowerPoint.lnk
[2011.03.26 01:05:22 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.24 13:56:46 | 000,431,749 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.03.24 00:05:53 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.22 00:08:41 | 000,431,479 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110324-125646.backup
[2011.03.21 22:25:52 | 000,431,479 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110321-230841.backup
[2011.03.20 20:45:51 | 000,000,849 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.19 14:31:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:50:52 | 000,000,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls
[2011.03.12 18:31:48 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:41:51 | 000,013,272 | ---- | M] () -- C:\WINDOWS\System32\0
[2011.03.09 01:17:06 | 000,071,880 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953
[2011.03.06 17:40:04 | 000,001,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110321-212552.backup
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.04 21:59:44 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.02 11:53:30 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.01 21:54:57 | 000,625,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.26 01:05:22 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.25 16:45:17 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.24 00:05:53 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.09 01:41:44 | 000,013,272 | ---- | C] () -- C:\WINDOWS\System32\0
[2010.12.31 15:48:05 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys
[2010.12.31 15:48:03 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys
[2010.12.31 15:48:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys
[2010.12.31 15:48:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\drivers\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\HotCPUDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECUtilityDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECMonitorDRV.sys
[2010.12.31 15:47:58 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECBatteryDRV.sys
[2010.12.31 15:47:57 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\DriverInstall.exe
[2010.08.18 23:39:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.11 14:31:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.21 22:34:19 | 000,071,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
[2009.05.15 22:54:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.05.15 22:54:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.04.27 21:07:02 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.23 15:04:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.04.05 23:25:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.04.05 01:28:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2009.04.05 01:28:09 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2009.04.05 01:28:09 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.04.05 01:28:07 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.04.05 01:28:07 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.04.05 01:28:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.05 01:28:06 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.04.05 01:28:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.05 01:28:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.04.04 23:37:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.04 22:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.02.20 22:44:44 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FixVTS.ini
[2009.02.18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.02.03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008.08.25 19:23:52 | 000,000,762 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.04.15 19:58:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.02.15 00:43:59 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2008.01.27 15:06:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.01.26 11:18:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008.01.20 13:07:59 | 000,008,380 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.01.06 23:11:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.24 19:30:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2007.12.24 17:45:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
[2007.12.24 17:37:31 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007.12.17 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007.12.17 14:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.17 13:28:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.12.17 13:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.12.17 12:59:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.12.17 12:58:22 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2005.03.29 17:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.29 17:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,451,582 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,435,468 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004390_.tmp.dll
[2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,081,742 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,068,950 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004358_.tmp.dll
[2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.10.06 14:22:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.05.14 12:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GetRightToGo
[2009.02.20 17:15:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo
[2009.03.28 14:38:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2010.02.07 15:30:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.02.22 01:36:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Odyssee_Sib
[2010.12.04 20:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2009.04.09 09:42:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RipIt4Me
[2008.06.02 17:06:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Crenetic
[2010.02.07 15:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2011.02.02 20:26:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.03.26 11:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.03.27 07:37:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8

< End of report >

ken545
2011-04-05, 01:16
Hi,


Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
[2011.03.22 00:08:41 | 000,431,479 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110324-125646.backup
[2011.03.21 22:25:52 | 000,431,479 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110321-230841.backup
[2011.03.06 17:40:04 | 000,001,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110321-212552.backup
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8


:Services

:Reg

:Files
ipconfig /flushdns /c



:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- not Run Scan
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

headking
2011-04-05, 02:18
Hi Ken

Here are the results:

All processes killed >>>
========== PROCESSES ==========
========== OTL ==========
C:\WINDOWS\system32\drivers\etc\hosts.20110324-125646.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110321-230841.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110321-212552.backup moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Administrator\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 8645459 bytes
->Temporary Internet Files folder emptied: 6511440 bytes
->Java cache emptied: 4748800 bytes
->Flash cache emptied: 90391 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Kinder
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6788420 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 123156 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 5336338 bytes
%systemroot%\System32 .tmp files removed: 212359 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 493056 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04052011_014511

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF10E3.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF13B9.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF19C7.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF1B57.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF20A1.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF3C29.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF3C2E.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF3ED1.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF3EE6.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF4194.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF419C.tmp not found!
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF592C.tmp moved successfully.
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF8AC.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF8EAB.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DFB8EA.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DFDEE9.tmp not found!
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~WRD0000.doc moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~WRS0001.tmp moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...



New OTL >>>

OTL logfile created on: 05.04.2011 01:58:28 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.24 Gb Total Space | 20.62 Gb Free Space | 55.37% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 211.68 Gb Free Space | 72.25% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 1.19 Gb Free Space | 31.84% Space Free | Partition Type: FAT32

Computer Name: SIEGENTH-185917 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.26 14:26:06 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006.11.27 16:24:20 | 000,126,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\VPTray.exe
PRC - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe
PRC - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\DefWatch.exe
PRC - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.11.27 16:22:04 | 000,120,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2006.09.08 15:47:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006.08.07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2010.12.17 11:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110324.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.12.17 11:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110324.016\NAVENG.SYS -- (NAVENG)
DRV - [2010.08.19 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.07.04 14:21:12 | 000,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.05.28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.16 00:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.04.01 08:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.27 19:24:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.29 17:20:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.07.29 17:20:58 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008.07.29 17:20:54 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.26 14:27:40 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative-SoundFont-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:14 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2008.01.26 14:26:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative-Schnittstellen-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:00 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2007.12.17 14:14:29 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2007.12.17 14:14:29 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2007.12.17 14:14:29 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2007.12.17 14:14:29 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007.12.17 14:14:29 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2007.12.17 14:14:29 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007.12.17 14:14:29 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.11.13 14:01:38 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2006.11.13 14:01:34 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2006.11.13 14:01:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006.11.13 14:01:28 | 000,102,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2006.11.13 14:01:26 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2006.11.13 14:00:46 | 000,016,176 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2006.11.13 13:43:56 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006.09.18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.09.06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.09.06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006.08.07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.08.07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006.04.11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.10.21 09:04:22 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2004.05.28 07:22:24 | 000,046,104 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stusb2ir.sys -- (STUSB2Ir)
DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003.12.17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.03.19 08:37:12 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys -- (ECBatteryDRV)
DRV - [2003.01.29 05:03:56 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys -- (ECUtilityDRV)
DRV - [2003.01.29 05:03:46 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys -- (ECMonitorDRV)
DRV - [2003.01.29 05:03:00 | 000,007,240 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys -- (HotCPUDRV)
DRV - [2003.01.29 05:02:06 | 000,007,242 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\WinBootDRV.sys -- (WinBootDRV)
DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.04.05 01:45:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programme\Tools\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233350009690 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300835333359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.17 13:25:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.05 01:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.04 21:40:29 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 21:40:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.02 11:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.04.02 10:22:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.03.27 23:41:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.03.27 13:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2011.03.26 12:36:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.03.26 12:00:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.03.26 00:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.03.26 00:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2011.03.24 14:22:56 | 000,952,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2011.03.20 20:45:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.03.20 20:45:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.03.20 12:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.03.20 12:26:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.03.20 12:23:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.03.20 12:23:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.03.19 14:31:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:49:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.03.17 22:12:51 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011.03.12 18:35:20 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011.03.12 18:35:19 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011.03.12 15:26:58 | 000,000,000 | ---D | C] -- C:\MRecord
[2011.03.10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:17:06 | 000,071,880 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953
[2011.03.06 17:50:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2011.03.06 16:35:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My ISO Files
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.05 01:49:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.05 01:48:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.05 01:48:04 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.05 01:45:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.04.04 21:59:44 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.04 21:27:18 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 19:41:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.04.02 11:53:30 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.02 10:22:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.04.02 10:03:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.02 00:59:07 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT Task.vbs
[2011.04.02 00:22:03 | 000,000,082 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011.03.28 23:10:36 | 000,625,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.27 10:46:07 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.03.27 07:43:38 | 000,451,582 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.27 07:43:38 | 000,435,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.27 07:43:38 | 000,081,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.27 07:43:38 | 000,068,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.26 16:07:59 | 000,002,453 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft PowerPoint.lnk
[2011.03.26 01:05:22 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.24 00:05:53 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.19 14:31:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:50:52 | 000,000,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls
[2011.03.12 18:31:48 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:41:51 | 000,013,272 | ---- | M] () -- C:\WINDOWS\System32\0
[2011.03.09 01:17:06 | 000,071,880 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953

========== Files Created - No Company Name ==========

[2011.04.04 21:59:44 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.02 11:53:30 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.01 21:54:57 | 000,625,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.26 01:05:22 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.25 16:45:17 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.24 00:05:53 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.09 01:41:44 | 000,013,272 | ---- | C] () -- C:\WINDOWS\System32\0
[2010.12.31 15:48:05 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys
[2010.12.31 15:48:03 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys
[2010.12.31 15:48:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys
[2010.12.31 15:48:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\drivers\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\HotCPUDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECUtilityDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECMonitorDRV.sys
[2010.12.31 15:47:58 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECBatteryDRV.sys
[2010.12.31 15:47:57 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\DriverInstall.exe
[2010.08.18 23:39:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.11 14:31:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.21 22:34:19 | 000,071,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
[2009.05.15 22:54:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.05.15 22:54:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.04.27 21:07:02 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.23 15:04:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.04.05 23:25:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.04.05 01:28:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2009.04.05 01:28:09 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2009.04.05 01:28:09 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.04.05 01:28:07 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.04.05 01:28:07 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.04.05 01:28:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.05 01:28:06 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.04.05 01:28:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.05 01:28:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.04.04 23:37:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.04 22:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.02.20 22:44:44 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FixVTS.ini
[2009.02.18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.02.03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008.08.25 19:23:52 | 000,000,762 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.04.15 19:58:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.02.15 00:43:59 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2008.01.27 15:06:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.01.26 11:18:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008.01.20 13:07:59 | 000,008,380 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.01.06 23:11:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.24 19:30:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2007.12.24 17:45:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
[2007.12.24 17:37:31 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007.12.17 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007.12.17 14:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.17 13:28:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.12.17 13:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.12.17 12:59:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.12.17 12:58:22 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2005.03.29 17:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.29 17:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,451,582 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,435,468 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004390_.tmp.dll
[2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,081,742 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,068,950 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004358_.tmp.dll
[2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Thank you so much; now it's late, I will go to bed! ;-)
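The O1 Hosts lines in the OTL log above list every entry in the hosts file, which is where a defender looks when update or AV sites stop resolving. Added example, not from the thread or from OTL: a small audit that separates the two stock localhost lines from blocklist-style sink-hole entries and from entries that redirect a real name elsewhere, then flags the ones touching update/AV vendor domains. The sample hosts text and the watchlist of vendor domains are constructed for this example.

```python
"""Audit a Windows hosts file: stock entries vs. blocklist vs. hijack."""
import ipaddress

# The two lines a stock XP hosts file carries (as shown by OTL's O1 lines).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Targets that merely sink-hole a name (blocklist tools use these).
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumption for this example: vendor domains whose blocking is a hijack sign.
WATCHLIST_DOMAINS = ("microsoft.com", "windowsupdate.com", "symantec.com", "eset.com")

# Constructed sample: stock lines, one benign block, one vendor block,
# one redirect of a real name, and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example          # blocklist-style, benign
127.0.0.1       www.update.microsoft.com     # blocks Windows Update
10.0.0.5        www.bank.example             # redirects a real site
not-an-ip       garbage.example
"""


def parse_hosts(text):
    """Return [(ip, hostname), ...], ignoring comments, blanks and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # validates and normalises
        except ValueError:
            continue                                  # malformed: not a hosts entry
        for host in parts[1:]:                        # one IP may map several names
            entries.append((ip, host.lower()))
    return entries


def classify(entries):
    """Bucket entries into default / blocked (sink-holed) / redirected."""
    buckets = {"default": [], "blocked": [], "redirected": []}
    for ip, host in entries:
        if (ip, host) in DEFAULT_ENTRIES:
            buckets["default"].append((ip, host))
        elif ip in SINKHOLE_IPS:
            buckets["blocked"].append((ip, host))
        else:
            buckets["redirected"].append((ip, host))
    return buckets


def on_watchlist(host):
    """True when host is a watchlist domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in WATCHLIST_DOMAINS)


def watchlist_hits(buckets):
    """Non-default entries that touch an update/AV vendor domain."""
    return [(kind, ip, host)
            for kind in ("blocked", "redirected")
            for ip, host in buckets[kind]
            if on_watchlist(host)]


def audit(text):
    """Parse, classify and judge a hosts file; returns a report dict."""
    buckets = classify(parse_hosts(text))
    hits = watchlist_hits(buckets)
    # Any redirect of a name, or a block of a vendor domain, is a hijack
    # indicator; a long list of loopback entries alone looks like a blocklist.
    suspicious = bool(buckets["redirected"]) or bool(hits)
    return {"buckets": buckets, "hits": hits, "suspicious": suspicious}


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    for kind, items in report["buckets"].items():
        print(f"{kind}: {len(items)} entries")
    for kind, ip, host in report["hits"]:
        print(f"ACT: {host} {kind} via {ip}")
    print("suspicious" if report["suspicious"] else "clean")
```

To run it against a real machine, read C:\WINDOWS\system32\drivers\etc\hosts into `audit()` instead of the constructed sample.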

ken545
2011-04-05, 02:24
Looking good

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

headking
2011-04-05, 22:59
Hi Ken

Log to ESET OnlineScanner>>>

D:\Downloads\Tools\Cleaning-Tools\Registry Booster 2011\registrybooster.exe Win32/RegistryBooster application

For me a little surprising: software from Uniblue. I only downloaded it (not installed) --> no problem to delete (I don't need it)!

ken545
2011-04-06, 00:12
Well, not sure why it flagged it, but so you know, registry cleaners are not recommended: remove the wrong entry or entries and you can severely damage your system. If you install Uniblue, good luck finding an uninstall in the Control Panel; not my favorite software company.

How are things running now?

headking
2011-04-06, 00:28
Now I'm able to connect to http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=de again! :)
Startup needs a certain time (especially WITH Spybot S&D). Maybe you have a good idea!?
I still have --> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe

Could it be that I still have some unnecessary svchost processes?!

ken545
2011-04-06, 00:32
We can remove that with OTL

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL



:Services

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-

:Files



:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

headking
2011-04-07, 00:10
Hello Ken

Here are the reports.

- The first one looks good to me. Spybot-SD doesn’t find anything now.

- The second report looks strange to me in one point.
----> C:\WINDOWS\system32\drivers\etc\hosts

Here the Hosts file actually has 421KB!!! Besides that there is a file called
“hosts.20110405-224731.backup” with 1KB. Here I’m able to see the content:
127.0.0.1 localhost
::1 localhost

I shortened the OTL.Txt file a lot in the strange area!

Except for this issue everything seems to run fine so far.

Thank you so much!

Below the reports:

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 208387 bytes
->Temporary Internet Files folder emptied: 7569517 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kinder
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66444 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04062011_005311

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF2E53.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF4430.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF444A.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF4911.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF4972.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF4D3E.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF4D51.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF6A4B.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF8295.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DFA746.tmp not found!
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DFE669.tmp moved successfully.
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DFF0C9.tmp not found!
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~WRD1889.doc moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~WRS0002.tmp moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2KMPZSP7\showthread[3].htm moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


And >>> the shortened OTL

OTL logfile created on: 06.04.2011 21:57:42 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.24 Gb Total Space | 20.66 Gb Free Space | 55.46% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 211.68 Gb Free Space | 72.25% Space Free | Partition Type: NTFS

Computer Name: SIEGENTH-185917 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.26 14:26:06 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006.11.27 16:24:20 | 000,126,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\VPTray.exe
PRC - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe
PRC - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\DefWatch.exe
PRC - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.11.27 16:22:04 | 000,120,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2006.09.08 15:47:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006.08.07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011.04.05 10:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110405.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.04.05 10:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110405.019\NAVENG.SYS -- (NAVENG)
DRV - [2010.08.19 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.07.04 14:21:12 | 000,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.05.28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.16 00:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.04.01 08:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.27 19:24:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.29 17:20:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.07.29 17:20:58 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008.07.29 17:20:54 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.26 14:27:40 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Management Driver (WDM)
DRV - [2008.01.26 14:26:14 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2008.01.26 14:26:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Management Driver (WDM)
DRV - [2008.01.26 14:26:00 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2007.12.17 14:14:29 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2007.12.17 14:14:29 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2007.12.17 14:14:29 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2007.12.17 14:14:29 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007.12.17 14:14:29 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2007.12.17 14:14:29 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007.12.17 14:14:29 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.11.13 14:01:38 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2006.11.13 14:01:34 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2006.11.13 14:01:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006.11.13 14:01:28 | 000,102,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2006.11.13 14:01:26 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2006.11.13 14:00:46 | 000,016,176 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2006.11.13 13:43:56 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006.09.18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.09.06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.09.06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006.08.07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.08.07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006.04.11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.10.21 09:04:22 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2004.05.28 07:22:24 | 000,046,104 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stusb2ir.sys -- (STUSB2Ir)
DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003.12.17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.03.19 08:37:12 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys -- (ECBatteryDRV)
DRV - [2003.01.29 05:03:56 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys -- (ECUtilityDRV)
DRV - [2003.01.29 05:03:46 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys -- (ECMonitorDRV)
DRV - [2003.01.29 05:03:00 | 000,007,240 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys -- (HotCPUDRV)
DRV - [2003.01.29 05:02:06 | 000,007,242 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\WinBootDRV.sys -- (WinBootDRV)
DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.04.05 22:47:32 | 000,430,795 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: # Start of entries inserted by Spybot - Search & Destroy
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.ziqanmk.cn
O1 - Hosts: 127.0.0.1 ziqanmk.cn
O1 - Hosts: 127.0.0.1 ziqqi.com
O1 - Hosts: 127.0.0.1 www.ziqqi.com
O1 - Hosts: 127.0.0.1 www.zivinxc.cn
O1 - Hosts: 127.0.0.1 zivinxc.cn
O1 - Hosts: 127.0.0.1 zjkjw.gov.cn
O1 - Hosts: 127.0.0.1 www.zjkjw.gov.cn
O1 - Hosts: 127.0.0.1 zlihapev.cn
O1 - Hosts: 127.0.0.1 www.zlihapev.cn
O1 - Hosts: 127.0.0.1 znext.com
O1 - Hosts: 127.0.0.1 www.znext.com
O1 - Hosts: 127.0.0.1 zonealarm-download-now.com
O1 - Hosts: 127.0.0.1 www.zonealarm-download-now.com
O1 - Hosts: 127.0.0.1 zonealarm-stop.com
O1 - Hosts: 127.0.0.1 www.zonealarm-stop.com
O1 - Hosts: 127.0.0.1 zone-media.com
O1 - Hosts: 127.0.0.1 www.zone-media.com
O1 - Hosts: 127.0.0.1 zoneoffreporn.com
O1 - Hosts: 127.0.0.1 zoofil.com
O1 - Hosts: 127.0.0.1 zoomegasite.com
O1 - Hosts: 127.0.0.1 zoompulse.net
O1 - Hosts: 127.0.0.1 www.zoompulse.net
O1 - Hosts: 127.0.0.1 www.zpufosaz.cn
O1 - Hosts: 127.0.0.1 zpufosaz.cn
O1 - Hosts: 127.0.0.1 zpwebsource.com
O1 - Hosts: 127.0.0.1 www.zpwebsource.com
O1 - Hosts: 127.0.0.1 zqavanjpn.biz
O1 - Hosts: 127.0.0.1 www.zqavanjpn.biz
O1 - Hosts: 127.0.0.1 z-quest.com
O1 - Hosts: 127.0.0.1 www.z-quest.com
O1 - Hosts: 127.0.0.1 www.zriwsumoc.cn
O1 - Hosts: 127.0.0.1 zriwsumoc.cn
O1 - Hosts: 127.0.0.1 www.zsifopej.cn
O1 - Hosts: 127.0.0.1 zsifopej.cn
O1 - Hosts: 127.0.0.1 www.zsupereva.it
O1 - Hosts: 127.0.0.1 zsupereva.it
O1 - Hosts: 127.0.0.1 www.zsvcompany.com
O1 - Hosts: 127.0.0.1 zsvcompany.com
O1 - Hosts: 127.0.0.1 www.zufonfg.cn
O1 - Hosts: 127.0.0.1 zufonfg.cn
O1 - Hosts: 127.0.0.1 www.zuoyouweinan.com
O1 - Hosts: 127.0.0.1 zuoyouweinan.com
O1 - Hosts: 127.0.0.1 www.zurrusco.com
O1 - Hosts: 127.0.0.1 zurrusco.com
O1 - Hosts: 127.0.0.1 www.zuvpiqun.cn
O1 - Hosts: 127.0.0.1 zuvpiqun.cn
O1 - Hosts: 127.0.0.1 www.zuwohxc.cn
O1 - Hosts: 127.0.0.1 zuwohxc.cn
O1 - Hosts: 127.0.0.1 www.zvamzyucu.com
O1 - Hosts: 127.0.0.1 zvamzyucu.com
O1 - Hosts: 127.0.0.1 zvimigdal.com
O1 - Hosts: 127.0.0.1 www.zvizuten.cn
O1 - Hosts: 127.0.0.1 zvizuten.cn
O1 - Hosts: 127.0.0.1 www.zxcsolution.com
O1 - Hosts: 127.0.0.1 zxcsolution.com
O1 - Hosts: 127.0.0.1 www.zxlinks.com
O1 - Hosts: 127.0.0.1 zxlinks.com
O1 - Hosts: 127.0.0.1 www.zxoqacar.cn
O1 - Hosts: 127.0.0.1 zxoqacar.cn
O1 - Hosts: 127.0.0.1 www.zxsex2.info
O1 - Hosts: 127.0.0.1 zxsex2.info
O1 - Hosts: 127.0.0.1 zyban-zocor-levitra.com
O1 - Hosts: # This list is Copyright 2000-2008 Safer Networking Limited
O1 - Hosts: # End of entries inserted by Spybot - Search & Destroy
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programme\Tools\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233350009690 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300835333359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (The current homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.17 13:25:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.05 01:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.04 21:40:29 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 21:40:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.02 11:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.04.02 10:22:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.03.27 23:41:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.03.27 13:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2011.03.26 12:36:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.03.26 12:00:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.03.26 00:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.03.26 00:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2011.03.24 14:22:56 | 000,952,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2011.03.20 20:45:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.03.20 20:45:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.03.20 12:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.03.20 12:26:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.03.20 12:23:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.03.20 12:23:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.03.19 14:31:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:49:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.03.17 22:12:51 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011.03.12 18:35:20 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011.03.12 18:35:19 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011.03.12 15:26:58 | 000,000,000 | ---D | C] -- C:\MRecord
[2011.03.10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:17:06 | 000,071,880 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.05 22:47:32 | 000,430,795 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.04.05 17:53:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.05 17:52:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.05 17:52:00 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.05 01:45:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110405-224731.backup
[2011.04.04 21:59:44 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.04 21:27:18 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 19:41:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.04.02 11:53:30 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.02 10:22:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.04.02 10:03:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.02 00:59:07 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT Task.vbs
[2011.04.02 00:22:03 | 000,000,082 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011.03.28 23:10:36 | 000,625,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.27 10:46:07 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.03.27 07:43:38 | 000,451,582 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.27 07:43:38 | 000,435,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.27 07:43:38 | 000,081,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.27 07:43:38 | 000,068,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.26 16:07:59 | 000,002,453 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft PowerPoint.lnk
[2011.03.26 01:05:22 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.24 00:05:53 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.19 14:31:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:50:52 | 000,000,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls
[2011.03.12 18:31:48 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:41:51 | 000,013,272 | ---- | M] () -- C:\WINDOWS\System32\0
[2011.03.09 01:17:06 | 000,071,880 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953

========== Files Created - No Company Name ==========

[2011.04.04 21:59:44 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.02 11:53:30 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.01 21:54:57 | 000,625,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.26 01:05:22 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.25 16:45:17 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.24 00:05:53 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.09 01:41:44 | 000,013,272 | ---- | C] () -- C:\WINDOWS\System32\0
[2010.12.31 15:48:05 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys
[2010.12.31 15:48:03 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys
[2010.12.31 15:48:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys
[2010.12.31 15:48:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\drivers\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\HotCPUDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECUtilityDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECMonitorDRV.sys
[2010.12.31 15:47:58 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECBatteryDRV.sys
[2010.12.31 15:47:57 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\DriverInstall.exe
[2010.08.18 23:39:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.11 14:31:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.21 22:34:19 | 000,071,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
[2009.05.15 22:54:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.05.15 22:54:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.04.27 21:07:02 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.23 15:04:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.04.05 23:25:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.04.05 01:28:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2009.04.05 01:28:09 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2009.04.05 01:28:09 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.04.05 01:28:07 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.04.05 01:28:07 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.04.05 01:28:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.05 01:28:06 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.04.05 01:28:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.05 01:28:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.04.04 23:37:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.04 22:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.02.20 22:44:44 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FixVTS.ini
[2009.02.18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.02.03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008.08.25 19:23:52 | 000,000,762 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.04.15 19:58:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.02.15 00:43:59 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2008.01.27 15:06:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.01.26 11:18:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008.01.20 13:07:59 | 000,008,380 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.01.06 23:11:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.24 19:30:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2007.12.24 17:45:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
[2007.12.24 17:37:31 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007.12.17 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007.12.17 14:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.17 13:28:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.12.17 13:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.12.17 12:59:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.12.17 12:58:22 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2005.03.29 17:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.29 17:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,451,582 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,435,468 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004390_.tmp.dll
[2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,081,742 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,068,950 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004358_.tmp.dll
[2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

ken545
2011-04-07, 00:40
Hello ,

This one is infected and needs to go

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
[2011.04.05 01:45:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110405-224731.backup

:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- not Run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

headking
2011-04-07, 01:24
Hello Ken

Now it looks much better! I hope I can keep this condition.
Or do you see anything?

All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\WINDOWS\system32\drivers\etc\hosts.20110405-224731.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 132608 bytes
->Temporary Internet Files folder emptied: 6300029 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kinder
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17037 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04072011_005429

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF2EEC.tmp moved successfully.
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF380C.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF3811.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF388A.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF388F.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF38D9.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF38DE.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QS2RJU49\showthread[4].htm not found!

Registry entries deleted on Reboot...

And the OTL

OTL logfile created on: 07.04.2011 01:11:17 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.24 Gb Total Space | 20.66 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 211.68 Gb Free Space | 72.25% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 1.18 Gb Free Space | 31.73% Space Free | Partition Type: FAT32

Computer Name: SIEGENTH-185917 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.26 14:26:06 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006.11.27 16:24:20 | 000,126,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\VPTray.exe
PRC - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe
PRC - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\DefWatch.exe
PRC - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.11.27 16:22:04 | 000,120,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2006.09.08 15:47:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006.08.07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011.04.05 10:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110405.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.04.05 10:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110405.019\NAVENG.SYS -- (NAVENG)
DRV - [2010.08.19 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.07.04 14:21:12 | 000,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.05.28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.16 00:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.04.01 08:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.27 19:24:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.29 17:20:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.07.29 17:20:58 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008.07.29 17:20:54 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.26 14:27:40 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative-SoundFont-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:14 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2008.01.26 14:26:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative-Schnittstellen-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:00 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2007.12.17 14:14:29 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2007.12.17 14:14:29 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2007.12.17 14:14:29 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2007.12.17 14:14:29 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007.12.17 14:14:29 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2007.12.17 14:14:29 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007.12.17 14:14:29 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.11.13 14:01:38 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2006.11.13 14:01:34 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2006.11.13 14:01:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006.11.13 14:01:28 | 000,102,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2006.11.13 14:01:26 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2006.11.13 14:00:46 | 000,016,176 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2006.11.13 13:43:56 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006.09.18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.09.06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.09.06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006.08.07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.08.07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006.04.11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.10.21 09:04:22 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2004.05.28 07:22:24 | 000,046,104 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stusb2ir.sys -- (STUSB2Ir)
DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003.12.17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.03.19 08:37:12 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys -- (ECBatteryDRV)
DRV - [2003.01.29 05:03:56 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys -- (ECUtilityDRV)
DRV - [2003.01.29 05:03:46 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys -- (ECMonitorDRV)
DRV - [2003.01.29 05:03:00 | 000,007,240 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys -- (HotCPUDRV)
DRV - [2003.01.29 05:02:06 | 000,007,242 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\WinBootDRV.sys -- (WinBootDRV)
DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.04.07 00:54:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programme\Tools\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233350009690 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300835333359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.17 13:25:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.05 01:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.04 21:40:29 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 21:40:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.02 11:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.04.02 10:22:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.03.27 23:41:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.03.27 13:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2011.03.26 12:36:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.03.26 12:00:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.03.26 00:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.03.26 00:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2011.03.24 14:22:56 | 000,952,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2011.03.20 20:45:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.03.20 20:45:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.03.20 12:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.03.20 12:26:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.03.20 12:23:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.03.20 12:23:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.03.19 14:31:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:49:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.03.17 22:12:51 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011.03.12 18:35:20 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011.03.12 18:35:19 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011.03.12 15:26:58 | 000,000,000 | ---D | C] -- C:\MRecord
[2011.03.10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:17:06 | 000,071,880 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.07 00:59:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.07 00:56:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.07 00:56:23 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 00:54:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.04.04 21:59:44 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.04 21:27:18 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 19:41:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.04.02 11:53:30 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.02 10:22:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.04.02 10:03:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.02 00:59:07 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT Task.vbs
[2011.04.02 00:22:03 | 000,000,082 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011.03.28 23:10:36 | 000,625,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.27 10:46:07 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.03.27 07:43:38 | 000,451,582 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.27 07:43:38 | 000,435,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.27 07:43:38 | 000,081,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.27 07:43:38 | 000,068,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.26 16:07:59 | 000,002,453 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft PowerPoint.lnk
[2011.03.26 01:05:22 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.24 00:05:53 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.19 14:31:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:50:52 | 000,000,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls
[2011.03.12 18:31:48 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:41:51 | 000,013,272 | ---- | M] () -- C:\WINDOWS\System32\0
[2011.03.09 01:17:06 | 000,071,880 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953

========== Files Created - No Company Name ==========

[2011.04.04 21:59:44 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.02 11:53:30 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.01 21:54:57 | 000,625,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.26 01:05:22 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.25 16:45:17 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.24 00:05:53 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.09 01:41:44 | 000,013,272 | ---- | C] () -- C:\WINDOWS\System32\0
[2010.12.31 15:48:05 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys
[2010.12.31 15:48:03 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys
[2010.12.31 15:48:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys
[2010.12.31 15:48:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\drivers\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\HotCPUDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECUtilityDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECMonitorDRV.sys
[2010.12.31 15:47:58 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECBatteryDRV.sys
[2010.12.31 15:47:57 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\DriverInstall.exe
[2010.08.18 23:39:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.11 14:31:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.21 22:34:19 | 000,071,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
[2009.05.15 22:54:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.05.15 22:54:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.04.27 21:07:02 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.23 15:04:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.04.05 23:25:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.04.05 01:28:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2009.04.05 01:28:09 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2009.04.05 01:28:09 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.04.05 01:28:07 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.04.05 01:28:07 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.04.05 01:28:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.05 01:28:06 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.04.05 01:28:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.05 01:28:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.04.04 23:37:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.04 22:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.02.20 22:44:44 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FixVTS.ini
[2009.02.18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.02.03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008.08.25 19:23:52 | 000,000,762 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.04.15 19:58:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.02.15 00:43:59 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2008.01.27 15:06:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.01.26 11:18:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008.01.20 13:07:59 | 000,008,380 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.01.06 23:11:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.24 19:30:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2007.12.24 17:45:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
[2007.12.24 17:37:31 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007.12.17 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007.12.17 14:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.17 13:28:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.12.17 13:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.12.17 12:59:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.12.17 12:58:22 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2005.03.29 17:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.29 17:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,451,582 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,435,468 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004390_.tmp.dll
[2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,081,742 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,068,950 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004358_.tmp.dll
[2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

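The log above records a 98-byte hosts file on 7 April that, by the next OTL run on this page, has grown to 431,555 bytes with the read-only bit set; the dump of it in that later post came through the forum mis-encoded (the ASCII file displayed as UTF-16LE, so every pair of bytes shows as one CJK-looking character). The following Python is an added example, not part of OTL, Spybot or either poster's text: it reverses that mis-encoding and then triages hosts entries, counting the block that Spybot's immunization writes between its own start/end markers and flagging only what is worth a look (a name pinned to a remote address, or an update/AV vendor host mapped to loopback). PROTECTED_SUFFIXES and HOSTS_SAMPLE are assumptions constructed for the demonstration; the 203.0.113.0/24 address is a documentation range, and nothing on this page shows such entries.

```python
"""Decode a mis-encoded hosts dump and triage its entries (added example)."""
import ipaddress
from typing import Iterator

SPYBOT_START = "# Start of entries inserted by Spybot - Search & Destroy"
SPYBOT_END = "# End of entries inserted by Spybot - Search & Destroy"

# Hosts a hijacker typically pins to a wrong address to cut off updates and
# AV vendors. Illustrative assumption for this example, not a list from the thread.
PROTECTED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "microsoft.com",
    "symantec.com", "eset.com", "safer-networking.org", "kaspersky.com",
)

# Start of the O1 hosts line exactly as the forum showed it: each character
# is really two ASCII bytes read as one little-endian UTF-16 code unit.
GARBLED_SAMPLE = "⌊匠慴瑲漠⁦湥牴敩⁳湩敳瑲摥戠⁹灓批瑯ⴠ匠慥捲⁨…敄瑳潲൹ㄊ㜲〮〮ㄮ眉睷〮㜰畧牡⹤潣൭"


def undo_utf16_mojibake(garbled: str) -> str:
    """Re-encode each code unit to its two bytes and read them back as ASCII."""
    return garbled.encode("utf-16-le").decode("ascii")


def parse_hosts(text: str) -> Iterator[tuple[str, str, bool]]:
    """Yield (ip, hostname, inside_spybot_block) for every mapping line."""
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == SPYBOT_START:
            inside = True
            continue
        if line == SPYBOT_END:
            inside = False
            continue
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        ip, *hosts = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                               # not an address/name line
        for host in hosts:
            yield ip, host.lower(), inside


def is_protected(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify_hosts(text: str) -> dict:
    """Separate Spybot immunization entries from entries that need a look."""
    report = {"immunized": 0, "localhost": 0, "other_block": 0, "suspicious": []}
    for ip, host, inside in parse_hosts(text):
        loopback = ipaddress.ip_address(ip).is_loopback or ip == "0.0.0.0"
        if inside and loopback:
            report["immunized"] += 1               # expected: Spybot's own entries
        elif host == "localhost" and loopback:
            report["localhost"] += 1
        elif not loopback:
            report["suspicious"].append((ip, host, "maps a name to a remote address"))
        elif is_protected(host):
            report["suspicious"].append((ip, host, "blocks an update/AV host"))
        else:
            report["other_block"] += 1             # e.g. an ad-block list entry
    return report


# Constructed sample: a Spybot-immunized file plus two hijack-style lines.
HOSTS_SAMPLE = "\r\n".join([
    "# Copyright (c) 1993-1999 Microsoft Corp.",
    "127.0.0.1       localhost",
    SPYBOT_START,
    "127.0.0.1\twww.007guard.com",
    "127.0.0.1\t007guard.com",
    SPYBOT_END,
    "127.0.0.1\twindowsupdate.microsoft.com",
    "203.0.113.10\twww.symantec.com   # pins the vendor site to a remote host",
])

if __name__ == "__main__":
    print(undo_utf16_mojibake(GARBLED_SAMPLE).strip())
    result = classify_hosts(HOSTS_SAMPLE)
    print(f"immunized={result['immunized']} localhost={result['localhost']}")
    for ip, host, why in result["suspicious"]:
        print(f"SUSPICIOUS {ip:<15} {host:<32} {why}")
```

Run against a real C:\WINDOWS\system32\drivers\etc\hosts, a large immunized count with an empty suspicious list means the size alone is not evidence of infection; the entries to chase are the ones the last loop prints.
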
ken545
2011-04-07, 02:05

How are things running now ?

headking
2011-04-08, 01:20
Hello Ken!
It seems everything is working well! I really can do everything on the computer. No blue screen, no redirection, nothing. After your reply yesterday I ran OnlineScanner ESET one more time and Spybot as well. Then I surfed for about 2 hours (really clean pages).

And now the bad news. I got the same infection as yesterday!!
--> Hosts (422 KB) in etc folder.

What does that mean? What can it do?

Here is the shortened OTL log again.

OTL logfile created on: 08.04.2011 00:53:25 - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.24 Gb Total Space | 20.60 Gb Free Space | 55.30% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 211.69 Gb Free Space | 72.25% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 1.18 Gb Free Space | 31.56% Space Free | Partition Type: FAT32

Computer Name: SIEGENTH-185917 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2011.01.22 07:06:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.26 14:26:06 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006.11.27 16:24:20 | 000,126,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\VPTray.exe
PRC - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe
PRC - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\DefWatch.exe
PRC - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.11.27 16:22:04 | 000,120,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2006.09.08 15:47:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006.08.07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011.04.05 10:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110405.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.04.05 10:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110405.019\NAVENG.SYS -- (NAVENG)
DRV - [2010.08.19 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.07.04 14:21:12 | 000,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.05.28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.16 00:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.04.01 08:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.27 19:24:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.29 17:20:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.07.29 17:20:58 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008.07.29 17:20:54 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.26 14:27:40 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative-SoundFont-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:14 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2008.01.26 14:26:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative-Schnittstellen-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:00 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2007.12.17 14:14:29 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2007.12.17 14:14:29 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2007.12.17 14:14:29 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2007.12.17 14:14:29 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007.12.17 14:14:29 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2007.12.17 14:14:29 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007.12.17 14:14:29 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.11.13 14:01:38 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2006.11.13 14:01:34 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2006.11.13 14:01:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006.11.13 14:01:28 | 000,102,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2006.11.13 14:01:26 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2006.11.13 14:00:46 | 000,016,176 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2006.11.13 13:43:56 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006.09.18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.09.06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.09.06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006.08.07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.08.07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006.04.11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.10.21 09:04:22 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2004.05.28 07:22:24 | 000,046,104 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stusb2ir.sys -- (STUSB2Ir)
DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003.12.17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.03.19 08:37:12 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys -- (ECBatteryDRV)
DRV - [2003.01.29 05:03:56 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys -- (ECUtilityDRV)
DRV - [2003.01.29 05:03:46 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys -- (ECMonitorDRV)
DRV - [2003.01.29 05:03:00 | 000,007,240 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys -- (HotCPUDRV)
DRV - [2003.01.29 05:02:06 | 000,007,242 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\WinBootDRV.sys -- (WinBootDRV)
DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.04.07 20:59:39 | 000,431,555 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 1
O1 - Hosts: # Start of entries inserted by Spybot - Search & Destroy
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.100
O1 - Hosts: 127.0.0.1    zxcsolution.com
O1 - Hosts: 127.0.0.1    www.zxlinks.com
O1 - Hosts: 127.0.0.1    zxlinks.com
O1 - Hosts: 127.0.0.1    www.zxoqacar.cn
O1 - Hosts: 127.0.0.1    zxoqacar.cn
O1 - Hosts: 127.0.0.1    www.zxsex2.info
O1 - Hosts: 127.0.0.1    zxsex2.info
O1 - Hosts: 127.0.0.1    zyban-zocor-levitra.com
O1 - Hosts: # This list is Copyright 2000-2008 Safer Networking Limited
O1 - Hosts: # End of entries inserted by Spybot - Search & Destroy
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programme\Tools\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233350009690 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300835333359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.17 13:25:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.07 19:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.04.05 01:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.04 21:40:29 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 21:40:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.02 11:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.04.02 10:22:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.03.27 23:41:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.03.27 13:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2011.03.26 12:36:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.03.26 12:00:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.03.26 00:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.03.26 00:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2011.03.24 14:22:56 | 000,952,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2011.03.20 20:45:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.03.20 20:45:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.03.20 12:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.03.20 12:26:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.03.20 12:23:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.03.20 12:23:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.03.19 14:31:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:49:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.03.17 22:12:51 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011.03.12 18:35:20 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011.03.12 18:35:19 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011.03.12 15:26:58 | 000,000,000 | ---D | C] -- C:\MRecord
[2011.03.10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:17:06 | 000,071,880 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.08 00:08:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.07 20:59:39 | 000,431,555 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.04.07 19:22:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.07 19:21:46 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 00:54:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110407-205939.backup
[2011.04.04 21:59:44 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.04 21:27:18 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 19:41:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.04.02 11:53:30 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.02 10:22:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.04.02 10:04:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.02 00:59:07 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT Task.vbs
[2011.04.02 00:22:03 | 000,000,082 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011.03.28 23:10:36 | 000,625,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.27 10:46:07 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.03.27 07:43:38 | 000,451,582 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.27 07:43:38 | 000,435,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.27 07:43:38 | 000,081,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.27 07:43:38 | 000,068,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.26 16:07:59 | 000,002,453 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft PowerPoint.lnk
[2011.03.26 01:05:22 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.24 00:05:53 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.19 14:31:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:50:52 | 000,000,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls
[2011.03.12 18:31:48 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe
[2011.03.09 01:41:51 | 000,013,272 | ---- | M] () -- C:\WINDOWS\System32\0
[2011.03.09 01:17:06 | 000,071,880 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-204976953

========== Files Created - No Company Name ==========

[2011.04.07 19:39:54 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011.04.07 19:39:53 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011.04.04 21:59:44 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.02 11:53:30 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.01 21:54:57 | 000,625,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.26 01:05:22 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.25 16:45:17 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.24 00:05:53 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.09 01:41:44 | 000,013,272 | ---- | C] () -- C:\WINDOWS\System32\0
[2010.12.31 15:48:05 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys
[2010.12.31 15:48:03 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys
[2010.12.31 15:48:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys
[2010.12.31 15:48:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\drivers\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\HotCPUDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECUtilityDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECMonitorDRV.sys
[2010.12.31 15:47:58 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECBatteryDRV.sys
[2010.12.31 15:47:57 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\DriverInstall.exe
[2010.08.18 23:39:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.11 14:31:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.21 22:34:19 | 000,071,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
[2009.05.15 22:54:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.05.15 22:54:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.04.27 21:07:02 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.23 15:04:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.04.05 23:25:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.04.05 01:28:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2009.04.05 01:28:09 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2009.04.05 01:28:09 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.04.05 01:28:07 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.04.05 01:28:07 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.04.05 01:28:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.05 01:28:06 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.04.05 01:28:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.05 01:28:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.04.04 23:37:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.04 22:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.02.20 22:44:44 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FixVTS.ini
[2009.02.18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.02.03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008.08.25 19:23:52 | 000,000,762 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.04.15 19:58:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.02.15 00:43:59 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2008.01.27 15:06:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.01.26 11:18:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008.01.20 13:07:59 | 000,008,380 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.01.06 23:11:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.24 19:30:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2007.12.24 17:45:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
[2007.12.24 17:37:31 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007.12.17 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007.12.17 14:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.17 13:28:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.12.17 13:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.12.17 12:59:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.12.17 12:58:22 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2005.03.29 17:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.29 17:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,451,582 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,435,468 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004390_.tmp.dll
[2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,081,742 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,068,950 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004358_.tmp.dll
[2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

ken545
2011-04-08, 11:28
Good Morning,

That's a strange hosts file, never saw it before. I am going to ask other helpers to take a peek and shed some light on it.

Let's fix it one more time and go from there.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
[2011.04.07 00:54:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110407-205939.backup


:Services

:Reg

:Files
ipconfig /flushdns /c



:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

headking
2011-04-10, 01:29
Hello Ken

What I did in the meantime:

First of all I wanted to know more about Spybot’s possibilities.
In advanced mode I saw that one has the possibility to see what’s written in the hosts file (with Notepad it wasn’t possible).
Further, I saw that there is a button called “recover security file” (I have it in German). This was what I did. One would also have the possibility to write-protect the hosts file. But originally it isn’t. Since this action, everything is running as it should.
Again I did a scan with ESET and Spybot as well. Nothing found! Furthermore, I made the OTL log.
How does it look to you?
What about the second line?
O1 - Hosts: 127.0.0.1 localhost (good)
O1 - Hosts: ::1 localhost (what about this)??? Does this look good to you?

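As an added example (not OTL, Spybot or the poster's code): the CJK-looking "O1 - Hosts:" line in the earlier log is plain ASCII that was read two bytes at a time as UTF-16LE from an odd offset, and reversing that shows it is the Spybot immunization block. The script below does that decoding and then triages a hosts file into the localhost defaults (127.0.0.1 and its IPv6 counterpart ::1), sinkhole/immunization entries, and redirects to routable addresses; the 203.0.113.5 / update.example line is a constructed placeholder, not anything from the log.

```python
"""Decode the garbled 'O1 - Hosts:' line and triage a Windows hosts file.

Added example, not code from OTL, Spybot or the poster. The CJK-looking text in
the O1 line is ordinary ASCII that was read two bytes at a time as UTF-16LE code
units from an odd byte offset; re-encoding it as UTF-16LE yields the original
bytes, which turn out to be the Spybot immunization block.
"""
import ipaddress

# Constructed excerpt: the opening characters of the O1 line quoted in the log.
# Invisible code points (U+2066, U+2068) and the ellipsis are written as escapes
# so that copy/paste cannot silently alter them.
GARBLED_EXCERPT = (
    "റ⌊匠慴瑲漠\u2066湥牴敩⁳湩敳瑲摥戠⁹灓批瑯ⴠ匠慥捲\u2068\u2026敄瑳潲൹"
    "ㄊ㜲〮〮ㄮ眉睷〮㜰畧牡⹤潣൭"
)

LOOPBACKS = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}
# Addresses that make a name unreachable: loopback or the unspecified address.
SINKHOLES = LOOPBACKS | {ipaddress.ip_address("0.0.0.0")}


def undo_utf16_misread(text: str) -> str:
    """Recover the ASCII bytes behind text that was wrongly decoded as UTF-16LE.

    A code unit U+XXYY came from the byte pair (0xYY, 0xXX); encoding back to
    UTF-16LE restores exactly that pair. Latin-1 keeps any non-ASCII byte
    visible instead of raising.
    """
    return text.encode("utf-16-le").decode("latin-1")


def triage_hosts(content: str) -> dict:
    """Classify every active entry of a hosts file.

    localhost  - loopback address mapped only to 'localhost' (expected default;
                 ::1 is the IPv6 loopback, the counterpart of 127.0.0.1)
    immunized  - sinkhole address mapped to other names (ad/malware blocklist)
    redirect   - a name mapped to a routable address (the pattern a hijacked
                 hosts file shows; each such entry needs to be explained)
    malformed  - lines that do not parse as '<address> <name> [<name> ...]'
    """
    report = {"localhost": 0, "immunized": 0, "redirect": [], "malformed": []}
    for raw in content.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        address, *names = line.split()
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            report["malformed"].append(raw)
            continue
        names = [n.lower() for n in names]
        if not names:
            report["malformed"].append(raw)
        elif addr in LOOPBACKS and set(names) == {"localhost"}:
            report["localhost"] += 1
        elif addr in SINKHOLES:
            report["immunized"] += len(names)
        else:
            report["redirect"].append((str(addr), names))
    return report


def sample_hosts() -> str:
    """Constructed hosts file: both loopback defaults, the decoded Spybot block
    from the log, and one made-up redirect (203.0.113.5 is a documentation
    address range; 'update.example' is a placeholder name, not a real site)."""
    spybot_block = undo_utf16_misread(GARBLED_EXCERPT).split("\n", 1)[1]
    return (
        "127.0.0.1\tlocalhost\n"
        "::1 localhost\n"
        + spybot_block
        + "\n203.0.113.5\tupdate.example  # constructed hijack-style entry\n"
    )


if __name__ == "__main__":
    print(undo_utf16_misread(GARBLED_EXCERPT))
    for key, value in triage_hosts(sample_hosts()).items():
        print(f"{key}: {value}")
```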
headking
2011-04-10, 01:31
Sorry, here is the rest:

OTL logfile created on: 09.04.2011 22:06:58 - Run 8
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.24 Gb Total Space | 20.65 Gb Free Space | 55.44% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 211.69 Gb Free Space | 72.26% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 1.17 Gb Free Space | 31.51% Space Free | Partition Type: FAT32

Computer Name: SIEGENTH-185917 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.26 14:26:06 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006.11.27 16:24:20 | 000,126,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\VPTray.exe
PRC - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe
PRC - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\DefWatch.exe
PRC - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.11.27 16:22:04 | 000,120,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2006.09.08 15:47:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006.08.07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011.04.05 10:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110409.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.04.05 10:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110409.002\NAVENG.SYS -- (NAVENG)
DRV - [2010.08.19 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.07.04 14:21:12 | 000,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.05.28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.16 00:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.04.01 08:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.27 19:24:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.29 17:20:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.07.29 17:20:58 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008.07.29 17:20:54 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.26 14:27:40 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative-SoundFont-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:14 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2008.01.26 14:26:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative-Schnittstellen-Verwaltungstreiber (WDM)
DRV - [2008.01.26 14:26:00 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2007.12.17 14:14:29 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2007.12.17 14:14:29 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2007.12.17 14:14:29 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2007.12.17 14:14:29 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007.12.17 14:14:29 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2007.12.17 14:14:29 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007.12.17 14:14:29 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.11.13 14:01:38 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2006.11.13 14:01:34 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2006.11.13 14:01:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006.11.13 14:01:28 | 000,102,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2006.11.13 14:01:26 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2006.11.13 14:00:46 | 000,016,176 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2006.11.13 13:43:56 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006.09.18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.09.06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.09.06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006.08.07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.08.07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006.04.11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.10.21 09:04:22 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2004.05.28 07:22:24 | 000,046,104 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stusb2ir.sys -- (STUSB2Ir)
DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003.12.17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.03.19 08:37:12 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys -- (ECBatteryDRV)
DRV - [2003.01.29 05:03:56 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys -- (ECUtilityDRV)
DRV - [2003.01.29 05:03:46 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys -- (ECMonitorDRV)
DRV - [2003.01.29 05:03:00 | 000,007,240 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys -- (HotCPUDRV)
DRV - [2003.01.29 05:02:06 | 000,007,242 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\WinBootDRV.sys -- (WinBootDRV)
DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.04.07 00:54:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programme\Tools\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233350009690 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300835333359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.17 13:25:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.09 16:14:26 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMCTLde.DLL
[2011.04.09 16:14:26 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2011.04.09 16:14:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2011.04.09 16:14:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGDE.DLL
[2011.04.09 16:14:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMCT2DE.dll
[2011.04.09 16:14:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sweepi
[2011.04.05 01:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.04 21:40:29 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 21:40:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.02 11:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.04.02 10:22:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.03.27 23:41:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.03.27 13:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2011.03.26 12:36:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.03.26 12:00:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.03.26 00:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.03.26 00:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2011.03.24 14:22:56 | 000,952,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2011.03.20 20:45:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.03.20 20:45:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.03.20 12:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.03.20 12:26:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.03.20 12:23:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.03.20 12:23:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.03.19 14:31:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:49:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.03.17 22:12:51 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011.03.12 18:35:20 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011.03.12 18:35:19 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011.03.12 15:26:58 | 000,000,000 | ---D | C] -- C:\MRecord
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.09 21:40:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.09 21:39:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.09 21:38:54 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.09 16:14:26 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sweepi.lnk
[2011.04.07 20:59:39 | 000,431,555 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110409-144055.backup
[2011.04.07 00:54:33 | 000,000,098 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Hosts_Original
[2011.04.07 00:54:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.04.04 21:59:44 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.04.04 21:27:18 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2011.04.04 19:41:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.04.02 11:53:30 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.02 10:22:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
[2011.04.02 00:59:07 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT Task.vbs
[2011.04.02 00:22:03 | 000,000,082 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011.03.28 23:10:36 | 000,625,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.27 10:46:07 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.03.27 07:43:38 | 000,451,582 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.27 07:43:38 | 000,435,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.27 07:43:38 | 000,081,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.27 07:43:38 | 000,068,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.26 16:07:59 | 000,002,453 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft PowerPoint.lnk
[2011.03.26 01:05:22 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.24 00:05:53 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.03.19 14:31:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.18 21:50:52 | 000,000,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls
[2011.03.12 18:31:48 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011.04.09 16:14:26 | 000,006,114 | ---- | C] () -- C:\WINDOWS\System32\SHELLLNK.tlb
[2011.04.09 16:14:26 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sweepi.lnk
[2011.04.09 14:59:28 | 000,000,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Hosts_Original
[2011.04.07 19:39:54 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011.04.07 19:39:53 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011.04.04 21:59:44 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
[2011.04.02 11:53:30 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2011.04.01 21:54:57 | 000,625,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
[2011.03.27 17:26:22 | 000,002,530 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
[2011.03.26 01:05:22 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
[2011.03.25 16:45:17 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.24 00:05:53 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
[2011.03.20 20:45:51 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010.12.31 15:48:05 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys
[2010.12.31 15:48:03 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys
[2010.12.31 15:48:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys
[2010.12.31 15:48:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\drivers\WinBootDRV.sys
[2010.12.31 15:47:59 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\HotCPUDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECUtilityDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECMonitorDRV.sys
[2010.12.31 15:47:58 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECBatteryDRV.sys
[2010.12.31 15:47:57 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\DriverInstall.exe
[2010.08.18 23:39:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.11 14:31:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.21 22:34:19 | 000,071,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
[2009.05.15 22:54:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.05.15 22:54:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.04.27 21:07:02 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.23 15:04:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.04.05 23:25:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.04.05 01:28:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2009.04.05 01:28:09 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2009.04.05 01:28:09 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.04.05 01:28:07 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.04.05 01:28:07 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.04.05 01:28:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.05 01:28:06 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.04.05 01:28:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.05 01:28:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.04.04 23:37:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.04 22:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.02.20 22:44:44 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FixVTS.ini
[2009.02.18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.02.03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008.08.25 19:23:52 | 000,000,762 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.04.15 19:58:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.02.15 00:43:59 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2008.01.27 15:06:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.01.26 11:18:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008.01.20 13:07:59 | 000,008,380 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.01.06 23:11:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.24 19:30:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2007.12.24 17:45:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
[2007.12.24 17:37:31 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007.12.17 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007.12.17 14:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.17 13:28:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.12.17 13:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.12.17 12:59:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.12.17 12:58:22 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2005.03.29 17:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.29 17:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,451,582 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,435,468 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004390_.tmp.dll
[2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,081,742 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,068,950 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004358_.tmp.dll
[2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

ken545
2011-04-10, 03:26
Hi,

O1 - Hosts: 127.0.0.1 localhost <--This is the address of your own computer and it's safe

O1 - Hosts: ::1 localhost <--This is the Default Entry of Windows Host File


Still looking at some things that need to go

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
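
The two O1 lines ken545 checks above are the only entries a stock Windows hosts file carries; anything beyond them, in particular security or update domains pointed at 127.0.0.1, is what a helper looks for when a machine cannot reach Windows Update. The following is an added example (not code from the thread, OTL or ComboFix) that parses a hosts file in that format and sorts its entries into default, loopback/sinkhole redirects, and other mappings. The file contents below are constructed for illustration; the domains and the 192.0.2.10 address are placeholders, not values from the log on this page.

```python
import ipaddress

# Constructed sample hosts-file contents for this example (not the log posted above).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# constructed suspicious lines: security/update sites sinkholed to loopback
127.0.0.1       update.microsoft.com
0.0.0.0         www.symantec.com
192.0.2.10      www.example-bank.test   # RFC 5737 documentation address, placeholder
"""

# The entries a stock Windows hosts file ships with; everything else deserves a look.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return a list of (address, hostname) pairs.

    Comments (# ...) and blank lines are skipped, and a line with several
    hostnames after one address yields one pair per hostname.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed address: skip rather than crash on a tampered file
        for name in parts[1:]:
            entries.append((addr, name.lower()))
    return entries


def classify(entries):
    """Split entries into the three categories a reviewer cares about.

    default           -> the stock localhost lines
    loopback_redirect -> a real hostname sent to 127.0.0.1, ::1 or 0.0.0.0
                         (the pattern used to block update and AV sites)
    other             -> a hostname pointed at some other address
                         (could be legitimate, could be a redirect to an attacker host)
    """
    report = {"default": [], "loopback_redirect": [], "other": []}
    for addr, name in entries:
        ip = ipaddress.ip_address(addr)
        if (addr, name) in DEFAULT_ENTRIES:
            report["default"].append((addr, name))
        elif ip.is_loopback or ip.is_unspecified:
            report["loopback_redirect"].append((addr, name))
        else:
            report["other"].append((addr, name))
    return report


def review(text):
    """Convenience wrapper: parse and classify in one call."""
    return classify(parse_hosts(text))


if __name__ == "__main__":
    for category, items in review(SAMPLE_HOSTS).items():
        print(category)
        for addr, name in items:
            print(f"    {addr:<16} {name}")
```

On a real machine the text would come from C:\WINDOWS\system32\drivers\etc\hosts; a clean file produces only the two default entries, matching what the OTL O1 lines show. A large hosts file is not by itself a problem (ad-blocking lists legitimately sinkhole thousands of names), so the loopback_redirect category is something to read, not an automatic verdict.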

headking
2011-04-10, 23:20
Hello Ken
Stopping AntiVirus wasn't that simple (even with your link)!
Meanwhile I've got everything done.

Here is the log. How does it look to you?

ComboFix 11-04-09.01 - Administrator 10.04.2011 21:40:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1031.18.2047.1482 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_004311_.tmp.dll
c:\windows\system32\_004312_.tmp.dll
c:\windows\system32\_004313_.tmp.dll
c:\windows\system32\_004314_.tmp.dll
c:\windows\system32\_004321_.tmp.dll
c:\windows\system32\_004322_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004325_.tmp.dll
c:\windows\system32\_004326_.tmp.dll
c:\windows\system32\_004329_.tmp.dll
c:\windows\system32\_004330_.tmp.dll
c:\windows\system32\_004332_.tmp.dll
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004334_.tmp.dll
c:\windows\system32\_004336_.tmp.dll
c:\windows\system32\_004339_.tmp.dll
c:\windows\system32\_004340_.tmp.dll
c:\windows\system32\_004341_.tmp.dll
c:\windows\system32\_004344_.tmp.dll
c:\windows\system32\_004345_.tmp.dll
c:\windows\system32\_004347_.tmp.dll
c:\windows\system32\_004348_.tmp.dll
c:\windows\system32\_004349_.tmp.dll
c:\windows\system32\_004350_.tmp.dll
c:\windows\system32\_004351_.tmp.dll
c:\windows\system32\_004354_.tmp.dll
c:\windows\system32\_004356_.tmp.dll
c:\windows\system32\_004357_.tmp.dll
c:\windows\system32\_004358_.tmp.dll
c:\windows\system32\_004359_.tmp.dll
c:\windows\system32\_004360_.tmp.dll
c:\windows\system32\_004361_.tmp.dll
c:\windows\system32\_004362_.tmp.dll
c:\windows\system32\_004363_.tmp.dll
c:\windows\system32\_004364_.tmp.dll
c:\windows\system32\_004365_.tmp.dll
c:\windows\system32\_004366_.tmp.dll
c:\windows\system32\_004367_.tmp.dll
c:\windows\system32\_004369_.tmp.dll
c:\windows\system32\_004370_.tmp.dll
c:\windows\system32\_004371_.tmp.dll
c:\windows\system32\_004373_.tmp.dll
c:\windows\system32\_004374_.tmp.dll
c:\windows\system32\_004375_.tmp.dll
c:\windows\system32\_004376_.tmp.dll
c:\windows\system32\_004377_.tmp.dll
c:\windows\system32\_004378_.tmp.dll
c:\windows\system32\_004379_.tmp.dll
c:\windows\system32\_004380_.tmp.dll
c:\windows\system32\_004381_.tmp.dll
c:\windows\system32\_004382_.tmp.dll
c:\windows\system32\_004383_.tmp.dll
c:\windows\system32\_004384_.tmp.dll
c:\windows\system32\_004387_.tmp.dll
c:\windows\system32\_004389_.tmp.dll
c:\windows\system32\_004390_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004392_.tmp.dll
c:\windows\system32\_004393_.tmp.dll
c:\windows\system32\_004395_.tmp.dll
c:\windows\system32\_004396_.tmp.dll
c:\windows\system32\_004397_.tmp.dll
c:\windows\system32\_004398_.tmp.dll
c:\windows\system32\_004399_.tmp.dll
c:\windows\system32\_004400_.tmp.dll
c:\windows\system32\_004401_.tmp.dll
c:\windows\system32\_004405_.tmp.dll
c:\windows\system32\_004407_.tmp.dll
c:\windows\system32\_004569_.tmp.dll
c:\windows\system32\_004570_.tmp.dll
c:\windows\system32\_004571_.tmp.dll
c:\windows\system32\_004572_.tmp.dll
c:\windows\system32\_004579_.tmp.dll
c:\windows\system32\_004580_.tmp.dll
c:\windows\system32\_004581_.tmp.dll
c:\windows\system32\_004583_.tmp.dll
c:\windows\system32\_004584_.tmp.dll
c:\windows\system32\_004587_.tmp.dll
c:\windows\system32\_004588_.tmp.dll
c:\windows\system32\_004590_.tmp.dll
c:\windows\system32\_004591_.tmp.dll
c:\windows\system32\_004592_.tmp.dll
c:\windows\system32\_004594_.tmp.dll
c:\windows\system32\_004597_.tmp.dll
c:\windows\system32\_004598_.tmp.dll
c:\windows\system32\_004599_.tmp.dll
c:\windows\system32\_004602_.tmp.dll
c:\windows\system32\_004603_.tmp.dll
c:\windows\system32\_004605_.tmp.dll
c:\windows\system32\_004608_.tmp.dll
c:\windows\system32\_004610_.tmp.dll
c:\windows\system32\_004611_.tmp.dll
c:\windows\system32\_004612_.tmp.dll
c:\windows\system32\_004613_.tmp.dll
c:\windows\system32\_004616_.tmp.dll
c:\windows\system32\_004617_.tmp.dll
c:\windows\system32\_004618_.tmp.dll
c:\windows\system32\_004619_.tmp.dll
c:\windows\system32\_004620_.tmp.dll
c:\windows\system32\_004625_.tmp.dll
c:\windows\system32\_004627_.tmp.dll
c:\windows\system32\CoolXPProgress.ocx
.
.
((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 ))))))))))))))))))))))))))))))
.
.
2011-04-10 16:07 . 2011-04-10 16:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PrevxCSI
2011-04-09 14:14 . 2003-04-18 14:46 1233920 ----a-w- c:\windows\system32\msxml4.dll
2011-04-09 14:14 . 2003-04-18 14:29 82432 ----a-w- c:\windows\system32\msxml4r.dll
2011-04-09 14:14 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-04-09 14:14 . 1998-07-06 15:55 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL
2011-04-09 14:14 . 1998-05-05 14:35 24576 ----a-w- c:\windows\system32\CMCT2DE.dll
2011-04-09 14:14 . 1998-05-05 14:35 112640 ----a-w- c:\windows\system32\CMCTLde.DLL
2011-04-07 17:39 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-04-07 17:39 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-04-04 23:45 . 2011-04-04 23:45 -------- d-----w- C:\_OTL
2011-03-27 21:41 . 2011-03-27 21:42 -------- dc-h--w- c:\windows\ie8
2011-03-27 11:34 . 2011-03-27 11:34 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
2011-03-26 10:36 . 2011-03-26 10:36 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2011-03-26 10:00 . 2011-03-27 05:37 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2011-03-25 22:55 . 2011-04-10 12:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2011-03-20 18:45 . 2011-03-20 19:57 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2011-03-20 10:26 . 2011-03-20 10:26 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2011-03-20 10:23 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-19 12:31 . 2011-03-19 12:31 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-18 19:49 . 2011-03-18 19:49 -------- d-----w- c:\programme\ESET
2011-03-17 20:12 . 2011-03-31 19:06 -------- d-----w- C:\bd_logs
2011-03-15 19:43 . 2011-03-15 19:43 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\PrivacIE
2011-03-15 19:43 . 2011-03-15 19:43 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IECompatCache
2011-03-12 16:35 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-03-12 16:35 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-03-12 13:27 . 2011-03-12 13:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-12 13:26 . 2011-03-12 13:26 -------- d-----w- C:\MRecord
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 23:17 . 2011-03-08 23:17 71880 ----a-w- c:\windows\system32\PxSecure.dll-204976953
2011-02-18 17:36 . 2011-02-18 17:36 1409 ----a-w- c:\windows\QTFont.for
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 18:19 . 2009-10-23 22:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2007-12-17 11:20 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-12-17 11:20 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-11 39408]
"AlcoholAutomount"="d:\programme\Tools\Alcohol 120\axcmd.exe" [2008-11-23 203720]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programme\\Spiele\\FIFA 09\\FIFA09.exe"=
"d:\\Programme\\Spiele\\Praetorians\\Praetorians.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Programme\\Spiele\\Empire Earth\\Empire Earth.exe"=
.
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [24.12.2007 17:37 18208]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.01.2008 19:50 717296]
R2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [18.06.2007 15:10 373568]
R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [30.05.2007 18:54 201696]
R2 ECBatteryDRV;ECBatteryDRV;c:\windows\system32\drivers\ECBatteryDRV.sys [31.12.2010 15:48 6144]
R2 ECMonitorDRV;ECMonitorDRV;c:\windows\system32\drivers\ECMonitorDRV.sys [31.12.2010 15:48 6144]
R2 ECUtilityDRV;ECUtilityDRV;c:\windows\system32\drivers\ECUtilityDRV.sys [31.12.2010 15:48 6144]
R2 HotCPUDRV;HotCPUDRV;c:\windows\system32\drivers\HotCPUDRV.sys [31.12.2010 15:48 7240]
R2 WinBootDRV;WinBootDRV;c:\windows\system32\drivers\WinBootDRV.sys [31.12.2010 15:47 7242]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.05.2010 00:15 102448]
S1 ethxcvhp;ethxcvhp; [x]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.01.2010 21:02 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 SavRoam;SAVRoam;c:\programme\Symantec AntiVirus\SavRoam.exe [27.11.2006 16:22 120416]
S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [14.02.2009 11:31 46104]
S3 XDva369;XDva369; [x]
S3 XDva383;XDva383; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bluewin.ch/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 21:49
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,04,74,ac,7f,df,0c,4c,85,29,9c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,04,74,ac,7f,df,0c,4c,85,29,9c,\
.
[HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
--------------------- DLLs Loaded by Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1532)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2176)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\devldr32.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Analog Devices\SoundMAX\spkrmon.exe
c:\programme\VMware\VMware Workstation\vmware-authd.exe
c:\programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-10 21:54:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-10 19:54
.
Pre-Run: 11 directory(ies), 22'164'148'224 bytes free
Post-Run: 12 directory(ies), 21'973'045'248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 98FA09E22F3BC6F44BE48FDE4238C83A
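A ComboFix log like the one above is read for a handful of signals: a run of throwaway `_NNNNNN_.tmp.dll` files dropped into system32, service entries whose binary no longer exists (ComboFix marks these with `[x]`), and Security Center monitoring for the installed antivirus switched off. The script below is an added example written for this thread, not ComboFix's own code or anything the helpers posted; it parses those sections out of a constructed sample in the same entry format as the log above and flags each signal. The section-header aliases cover both the English and the German headings ComboFix writes, and the threshold of three temp DLLs before flagging is an assumption chosen here, not a ComboFix rule.

```python
"""Triage helper for a ComboFix-style log (added example; not ComboFix code)."""
import re

# Constructed sample in ComboFix's entry formats; not a verbatim copy of the thread's log.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_004311_.tmp.dll
c:\windows\system32\_004312_.tmp.dll
c:\windows\system32\_004313_.tmp.dll
c:\windows\system32\CoolXPProgress.ocx
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.01.2008 19:50 717296]
S1 ethxcvhp;ethxcvhp; [x]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.01.2010 21:02 135664]
S3 XDva369;XDva369; [x]
"""

# ComboFix localises its headings; the thread's log is German, so accept both spellings.
SECTION_ALIASES = {
    "deletions": ("Other Deletions", "Weitere Löschungen"),
    "autostart": ("Registry Autostart Points", "Autostartpunkte der Registrierung"),
}
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+\s*$")
# "<start type> <name>;<display name>;<path> [<date> <size>]" or "... ; [x]" when the file is gone
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)(?P<flag>\[x\])?"
)
TMP_DLL_RE = re.compile(r"\\_\d{6}_\.tmp\.dll$", re.IGNORECASE)
TMP_DLL_THRESHOLD = 3  # assumption: fewer than this could be installer leftovers


def split_sections(text):
    """Return {heading: [non-empty lines]}; lines before the first heading go under ''."""
    sections, current = {"": []}, ""
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("name")
            sections[current] = []
        elif line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def section(sections, key):
    """Look a section up by its alias key, whichever language the heading is in."""
    for heading in SECTION_ALIASES[key]:
        if heading in sections:
            return sections[heading]
    return []


def parse_services(lines):
    """Parse the R*/S* service and driver lines into dicts."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            services.append({
                "start": m.group("start"),
                "name": m.group("name"),
                "display": m.group("display"),
                "path": m.group("path").strip(),
                "missing_binary": m.group("flag") == "[x]",
            })
    return services


def triage(text):
    """Return a list of (finding_kind, detail) tuples for a ComboFix log."""
    sections = split_sections(text)
    findings = []

    tmp_dlls = [p for p in section(sections, "deletions") if TMP_DLL_RE.search(p)]
    if len(tmp_dlls) >= TMP_DLL_THRESHOLD:
        findings.append(("bulk_tmp_dll", f"{len(tmp_dlls)} _NNNNNN_.tmp.dll files removed from system32"))

    autostart = section(sections, "autostart")
    for i, line in enumerate(autostart):
        if line.strip().lower() == '"disablemonitoring"=dword:00000001':
            # The preceding line is the registry key naming the AV product being hidden from Security Center.
            findings.append(("av_monitoring_disabled", autostart[i - 1] if i else "?"))

    for svc in parse_services(autostart):
        if svc["missing_binary"]:
            # A registered service with no file behind it is an orphan: a remnant of removed
            # malware, or a driver that was never fully cleaned up. Either way, worth a look.
            findings.append(("orphan_service", f'{svc["start"]} {svc["name"]}'))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

Run against the sample it reports the three-file temp DLL run, the disabled Symantec monitoring key, and the two orphaned services `ethxcvhp` and `XDva369`; feed it a saved `C:\ComboFix.txt` instead of `SAMPLE_LOG` to triage a real log. The findings are prompts for a human reader, not verdicts: an orphaned service entry is routine after an uninstall, and the interesting question is which product owned it.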

ken545
2011-04-11, 10:46
Combofix removed what I was hoping it would :bigthumb:


You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

c:\windows\system32\drivers\ECUtilityDRV.sys

If the site is busy you can try this one
http://virusscan.jotti.org/en

headking
2011-04-11, 23:58
Hi Ken

You probably don't want to see all 42 antivirus results.

Here is the final result:

File name: ECUtilityDRV.sys
Submission date: 2011-04-11 20:49:50 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)

ken545
2011-04-12, 00:29
Download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe)

Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

headking
2011-04-12, 06:56
Here is the text file:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.ZZ.11
----- EOF -----

ken545
2011-04-12, 10:09
When a helper on the forum helps you there is a certain trust between helper and user; by altering the CKScanner log you broke that trust and the helper is no longer bound to help you. I suspect that you downloaded and installed illegal software. This is one of the quickest ways to infect your computer, as Cracked/Keygen/Warez software is infected about 100% of the time.

This thread is now closed