
Thread: Click.Giftload + svchost.exe

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    8


    Hi everyone!

    My computer sporadically shows me the following problem.

    Problemsignatur:
    Problemereignisname: APPCRASH
    Anwendungsname: svchost.exe
    Anwendungsversion: 6.0.6001.18000
    Anwendungszeitstempel: 47918b89
    Fehlermodulname: ntdll.dll
    Fehlermodulversion: 6.0.6002.18327
    Fehlermodulzeitstempel: 4cb73436
    Ausnahmecode: c000071b
    Ausnahmeoffset: 00088d15
    Betriebsystemversion: 6.0.6002.2.2.0.768.3
    Gebietsschema-ID: 1031
    Zusatzinformation 1: 0e02
    Zusatzinformation 2: b21b56b606e7544720668ce364087082
    Zusatzinformation 3: 0e02
    Zusatzinformation 4: b21b56b606e7544720668ce364087082

    Lesen Sie unsere Datenschutzrichtlinie:
    http://go.microsoft.com/fwlink/?link...3&clcid=0x0407

    After that, nothing works anymore. The Internet connection stops working and I have to reboot.


    I scanned with Spybot and have the same problem as in this thread:

    http://forums.spybot.info/showthread.php?t=62192

    This svchost.exe is likewise named at the end of the path.

    I have already created a log file. Maybe someone would be kind enough to take a look at it. I earn my living over the Internet and am totally desperate because I can't work :(

    PS: The log file is huge and I have to split it across several posts. Do you need a specific section, should I post everything, or is what's below enough for you?
    Last edited by ThatstheTonyG; 2011-04-13 at 02:47. Reason: added PS

  2. #2
    Junior Member
    Join Date
    Apr 2011
    Posts
    8


    --- Search result list ---
    Click.GiftLoad: [SBI $89783858] Benutzereinstellungen (Registrierungsdatenbank-Wert, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-04-12 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-03-22 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-03-29 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-04-05 Includes\Malware.sbi (*)
    2011-04-05 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-04-05 Includes\TrojansC-02.sbi (*)
    2011-03-29 Includes\TrojansC-03.sbi (*)
    2011-03-08 Includes\TrojansC-04.sbi (*)
    2011-04-06 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)


    --- Startup entries list ---
    Located: HK_LM:Run, Acer Empowering Technology Monitor
    command: C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    file: C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    size: 319488
    MD5: 5673EC459FA2F335A05594249609BB2B

    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    size: 262401
    MD5: 42A1FA44622A6E247EB6FF5C4ADCC0FE

    Located: HK_LM:Run, eDataSecurity Loader
    command: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    file: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    size: 526896
    MD5: 4BC8167722B6C79B1B13F1F2076B9EEC

    Located: HK_LM:Run, EmpoweringTechnology
    command: C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
    file: C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    size: 319488
    MD5: 2DFA4AD2E8693A6ECA601CA827F7EA12

    Located: HK_LM:Run, eRecoveryService
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 142120
    MD5: 59C0BDCFE273334D3133C7F2B57A2A13

    Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
    command: KHALMNPR.EXE
    file: C:\Windows\KHALMNPR.EXE
    size: 55824
    MD5: E42A642E162B0468B2C4E9D803079C7F

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 421888
    MD5: ED7A6D40B20DC34BE06F4AE196AE7D50

    Located: HK_LM:Run, RtHDVCpl
    command: RtHDVCpl.exe
    file: C:\Windows\RtHDVCpl.exe
    size: 5369856
    MD5: 151B2D097C7182898387994CEA34890B

    Located: HK_LM:Run, StartCCC
    command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    size: 61440
    MD5: E1E71D80D078C576801B6FE2A29FCF85

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
    size: 249064
    MD5: 2E5212A0BFB98FE0167C92C76C87AFE3

    Located: HK_LM:Run, Windows Defender
    command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

    Located: HK_LM:RunOnce, SpybotSnD
    command: "D:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: D:\Programme\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89

    Located: HK_CU:Run,
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Compinit
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: rundll32 "C:\Windows\Devifc.dll",DllEntryPoint
    file: C:\Windows\Devifc.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, DAEMON Tools Lite
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
    file: D:\Programme\DAEMON Tools Lite\DTLite.exe
    size: 357696
    MD5: F34E7705751BB413283434697BF8E55D

    Located: HK_CU:Run, F.lux
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: "C:\Users\Muecke\Local Settings\Apps\F.lux\flux.exe" /noshow
    file: C:\Users\Muecke\Local Settings\Apps\F.lux\flux.exe
    size: 966656
    MD5: A1F86A5A0DA1BEC12B7DD19C6234BB15

    Located: HK_CU:Run, ICQ
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: "D:\Programme\ICQ6.5\ICQ.exe" silent
    file: D:\Programme\ICQ6.5\ICQ.exe
    size: 172856
    MD5: 247CE93275CCB87FEF5D5C49CCA3EBFE

    Located: HK_CU:Run, msnmsgr
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 3872080
    MD5: E01B7A2EB4EC9AD8643BDCDE15427C4D

    Located: HK_CU:Run, Octoshape Streaming Services
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: "C:\Users\Muecke\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
    file: C:\Users\Muecke\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    size: 214648
    MD5: 3A8956CF0720EB9C7F930B323254B009

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    file: D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, swg
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE

    Located: HK_CU:Run, Ygesunanerulato
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: rundll32.exe "C:\Users\Muecke\AppData\Local\roler3DE.dll",Startup
    file: "C:\Users\Muecke\AppData\Local\roler3DE.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (allgemein), Logitech SetPoint.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: D:\Programme\Setpoint\SetPoint\SetPoint.exe
    file: D:\Programme\Setpoint\SetPoint\SetPoint.exe
    size: 813584
    MD5: B624202660474516E73AA95238FD9843

    Located: Startup (allgemein), McAfee Security Scan Plus.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    file: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    size: 255536
    MD5: 89F7C30A91E5581BDF14C62AB46A2B2D

    Located: Startup (Benutzer), OpenOffice.org 3.2.lnk
    where: C:\Users\Muecke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    file: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    size: 1195008
    MD5: A9A9F5163F79DF7134BF9735850E2ABD



    --- Browser helper object list ---
    {000123B4-9B42-4900-B3F7-F4B073EFC214} (btorbit.com)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: btorbit.com
    CLSID name: Octh Class
    Path: D:\Programme\Orbitdownloader\
    Long name: orbitcth.dll
    Short name:
    Date (created): 07.05.2009 02:47:26
    Date (last access): 07.11.2010 05:56:28
    Date (last write): 18.10.2010 12:00:20
    Filesize: 237644
    Attributes: archive
    MD5: BED3B37F10988B866F14B5EF1B68B570
    CRC32: F9242633
    Version: 2.4.0.9

    {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (Winamp Toolbar Loader)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Winamp Toolbar Loader
    CLSID name: Winamp Toolbar Loader
    Path: C:\Program Files\Winamp Toolbar\
    Long name: winamptb.dll
    Short name:
    Date (created): 16.07.2008 22:51:34
    Date (last access): 26.11.2008 22:58:54
    Date (last write): 16.07.2008 22:51:34
    Filesize: 1266992
    Attributes: archive
    MD5: 945FEFD0146F5870765F4FF8477BBD3D
    CRC32: E85ADBBB
    Version: 5.1.28.2

    {40c3cc16-7269-4b32-9531-17f2950fb06f} (Winload Toolbar)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Winload Toolbar
    Path: C:\Program Files\Winload\
    Long name: tbWinl.dll
    Short name:
    Date (created): 04.12.2010 19:49:16
    Date (last access): 04.12.2010 19:49:16
    Date (last write): 17.03.2010 16:45:32
    Filesize: 2355224
    Attributes: archive
    MD5: EB339C24DC8A9B00D59A912656CB2C8A
    CRC32: 474B8C4A
    Version: 5.3.7.1

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: D:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 22.01.2009 15:17:00
    Date (last access): 12.04.2011 22:54:58
    Date (last write): 26.01.2009 15:31:02
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} (ShowBarObj Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: ShowBarObj Class
    Path: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\
    Long name: ActiveToolBand.dll
    Short name: ACTIVE~1.DLL
    Date (created): 04.03.2008 23:37:24
    Date (last access): 23.05.2008 23:37:10
    Date (last write): 04.03.2008 23:37:24
    Filesize: 312880
    Attributes: archive
    MD5: 3A2ABA382593F15A32352F6E9943E6DC
    CRC32: E359E87E
    Version: 3.0.4.0

    {872b5b88-9db5-4310-bdd0-ac189557e5f5} (DVDVideoSoftTB Toolbar)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: DVDVideoSoftTB Toolbar
    Path: C:\Program Files\DVDVideoSoftTB\
    Long name: tbDVDV.dll
    Short name:
    Date (created): 18.10.2010 06:07:54
    Date (last access): 18.10.2010 06:07:54
    Date (last write): 27.04.2010 10:08:38
    Filesize: 2393184
    Attributes: archive
    MD5: 94C790AE25B8D4F00C0A386AF8D1C093
    CRC32: D8390FEA
    Version: 5.5.2.0

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Anmelde-Hilfsprogramm)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Anmelde-Hilfsprogramm
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 22.01.2009 15:41:30
    Date (last access): 21.05.2010 02:53:22
    Date (last write): 22.01.2009 15:41:30
    Filesize: 408448
    Attributes: archive
    MD5: B7899C3E21B299D7A3C0DA96CAE340BD
    CRC32: 288935F8
    Version: 5.0.818.5

    {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (SkypeIEPluginBHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: SkypeIEPluginBHO
    CLSID name: Skype add-on for Internet Explorer
    Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
    Long name: skypeieplugin.dll
    Short name: SKYPEI~1.DLL
    Date (created): 08.02.2010 13:28:14
    Date (last access): 27.04.2010 07:04:04
    Date (last write): 08.02.2010 13:28:14
    Filesize: 804136
    Attributes: archive
    MD5: 7D52D1B380C1231FCEC11A707726A781
    CRC32: 798DC164
    Version: 4.2.0.4997

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\
    Long name: swg.dll
    Short name:
    Date (created): 03.10.2010 14:01:42
    Date (last access): 03.10.2010 14:01:42
    Date (last write): 03.10.2010 14:01:42
    Filesize: 842296
    Attributes: archive
    MD5: 085940DBB5DB03B0C60774D193A3B48D
    CRC32: CEA52A15
    Version: 5.6.5612.1312

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 09.02.2011 16:31:20
    Date (last access): 13.04.2011 02:05:46
    Date (last write): 09.02.2011 16:31:20
    Filesize: 41760
    Attributes: archive
    MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
    CRC32: A5ABF297
    Version: 6.0.240.7



    --- ActiveX list ---
    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_24
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 08.11.2010 16:51:00
    Date (last access): 02.02.2075 21:42:20
    Date (last write): 02.02.2011 21:40:28
    Filesize: 112416
    Attributes: archive
    MD5: 8E66E95FCD0218767CC5953F7BA64D19
    CRC32: F9A66843
    Version: 6.0.240.7

    {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 08.11.2010 16:51:00
    Date (last access): 02.02.2075 21:42:20
    Date (last write): 02.02.2011 21:40:28
    Filesize: 112416
    Attributes: archive
    MD5: 8E66E95FCD0218767CC5953F7BA64D19
    CRC32: F9A66843
    Version: 6.0.240.7

    {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_24
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 08.11.2010 16:51:00
    Date (last access): 02.02.2075 21:42:20
    Date (last write): 02.02.2011 21:40:28
    Filesize: 112416
    Attributes: archive
    MD5: 8E66E95FCD0218767CC5953F7BA64D19
    CRC32: F9A66843
    Version: 6.0.240.7

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_24
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_24.dll
    Short name: NPJPI1~1.DLL
    Date (created): 02.02.2011 19:19:42
    Date (last access): 02.02.2011 21:42:34
    Date (last write): 02.02.2011 21:40:34
    Filesize: 141088
    Attributes: archive
    MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
    CRC32: 64BB8CA2
    Version: 6.0.240.7



    --- Process list ---
    PID: 836 (1208) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 01DD1004181FD46ECDC3628228EB269D
    PID: 1344 (1556) C:\Windows\Explorer.EXE
    size: 2926592
    MD5: D07D4C3038F3578FFCE1C0237F2A1253
    PID: 604 (1244) C:\Windows\system32\taskeng.exe
    size: 171520
    MD5: 3D50C4B10352367D5CB20ED1F50F8DA2
    PID: 3588 ( 944) C:\Windows\System32\mobsync.exe
    size: 95744
    MD5: 9B89B3BB79EA1ACF041F40A7B6FC5827
    PID: 3852 (1344) C:\Windows\RtHDVCpl.exe
    size: 5369856
    MD5: 151B2D097C7182898387994CEA34890B
    PID: 3860 (1344) C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    size: 319488
    MD5: 2DFA4AD2E8693A6ECA601CA827F7EA12
    PID: 3868 (1344) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    size: 526896
    MD5: 4BC8167722B6C79B1B13F1F2076B9EEC
    PID: 3884 (1344) C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    size: 319488
    MD5: 5673EC459FA2F335A05594249609BB2B
    PID: 3912 (1344) C:\Program Files\iTunes\iTunesHelper.exe
    size: 142120
    MD5: 59C0BDCFE273334D3133C7F2B57A2A13
    PID: 3928 (1344) C:\Users\Muecke\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    size: 214648
    MD5: 3A8956CF0720EB9C7F930B323254B009
    PID: 3936 (1344) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE
    PID: 3956 (1344) D:\Programme\DAEMON Tools Lite\DTLite.exe
    size: 357696
    MD5: F34E7705751BB413283434697BF8E55D
    PID: 3988 (1344) C:\Users\Muecke\Local Settings\Apps\F.lux\flux.exe
    size: 966656
    MD5: A1F86A5A0DA1BEC12B7DD19C6234BB15
    PID: 4000 (1344) D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887
    PID: 4020 (1344) C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    size: 255536
    MD5: 89F7C30A91E5581BDF14C62AB46A2B2D
    PID: 2636 (3588) C:\Program Files\Windows Media Player\wmplayer.exe
    size: 168960
    MD5: 2D821AFA5A1A9CA7F9F997A1AAD09E72
    PID: 1228 (3844) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    size: 49152
    MD5: E681281D9BFC9D45D3B72532717E5880
    PID: 1084 (4028) C:\Program Files\OpenOffice.org 3\program\soffice.exe
    size: 11318784
    MD5: 569E547273C25B019054A12A40400ECE
    PID: 3824 (1084) C:\Program Files\OpenOffice.org 3\program\soffice.bin
    size: 11312128
    MD5: 4B723F33D7331F20E06F3A2FD76EC1D5
    PID: 4412 (1228) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    size: 49152
    MD5: 25CA1677AAA3CDC99CD4FCF940886F3C
    PID: 5852 (1344) C:\Program Files\Windows Media Player\wmpnscfg.exe
    size: 202240
    MD5: 35937EAD711207544E219C2A19A78A7D
    PID: 2088 (1344) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 912344
    MD5: 0F3FA9FDB976C567EC0491685CF4FDF7
    PID: 5404 (1344) D:\Programme\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4388 (2088) C:\Program Files\Mozilla Firefox\plugin-container.exe
    size: 16856
    MD5: 3AFF6B10C34CB8EAA6D6D5AA55193571
    PID: 6020 (3192) C:\Windows\system32\taskeng.exe
    size: 171520
    MD5: 3D50C4B10352367D5CB20ED1F50F8DA2
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 456 ( 4) smss.exe
    size: 64000
    PID: 600 ( 588) csrss.exe
    size: 6144
    PID: 676 ( 588) wininit.exe
    size: 96768
    PID: 684 ( 668) csrss.exe
    size: 6144
    PID: 720 ( 676) services.exe
    size: 279552
    PID: 736 ( 676) lsass.exe
    size: 9728
    PID: 744 ( 676) lsm.exe
    size: 229888
    PID: 768 ( 668) winlogon.exe
    size: 314368
    PID: 944 ( 720) svchost.exe
    size: 21504
    PID: 1004 ( 720) svchost.exe
    size: 21504
    PID: 1076 ( 720) svchost.exe
    size: 21504
    PID: 1140 ( 720) Ati2evxx.exe
    size: 655360
    PID: 1160 ( 720) svchost.exe
    size: 21504
    PID: 1208 ( 720) svchost.exe
    size: 21504
    PID: 1360 (1160) audiodg.exe
    size: 88576
    PID: 1424 ( 720) SLsvc.exe
    size: 3408896
    PID: 1464 (1140) Ati2evxx.exe
    size: 655360
    PID: 1488 ( 720) svchost.exe
    size: 21504
    PID: 1604 ( 720) svchost.exe
    size: 21504
    PID: 1812 ( 720) spoolsv.exe
    size: 128000
    PID: 1836 ( 720) svchost.exe
    size: 21504
    PID: 1876 (1244) taskeng.exe
    size: 171520
    PID: 716 (1728) GoogleCrashHandler.exe
    PID: 2128 ( 720) CLMSServer.exe
    PID: 2208 ( 720) AppleMobileDeviceService.exe
    PID: 2224 ( 720) mDNSResponder.exe
    PID: 2244 ( 720) Agentsvc.exe
    PID: 2268 ( 720) eDSService.exe
    PID: 2364 ( 720) ETService.exe
    PID: 2444 ( 720) LSSrvc.exe
    PID: 2496 ( 720) NMSAccessU.exe
    PID: 2540 ( 720) BackupSvc.exe
    PID: 2556 ( 720) SchedulerSvc.exe
    PID: 2572 ( 720) PDAgent.exe
    PID: 2676 ( 720) pg_ctl.exe
    PID: 2692 ( 720) PnkBstrA.exe
    size: 75064
    PID: 2716 ( 720) svchost.exe
    size: 21504
    PID: 2728 (2676) postgres.exe
    PID: 2748 ( 720) svchost.exe
    size: 21504
    PID: 2792 ( 720) TeamViewer_Service.exe
    PID: 2844 ( 720) wanmpsvc.exe
    size: 65536
    PID: 2904 ( 720) svchost.exe
    size: 21504
    PID: 2936 ( 720) SearchIndexer.exe
    size: 441344
    PID: 3104 (2728) postgres.exe
    PID: 3160 (2728) postgres.exe
    PID: 3168 (2728) postgres.exe
    PID: 3176 (2728) postgres.exe
    PID: 3184 (2728) postgres.exe
    PID: 3300 (1208) WUDFHost.exe
    size: 142336
    PID: 3364 ( 720) PDEngine.exe
    PID: 3536 (1244) taskeng.exe
    size: 171520
    PID: 4552 ( 720) iPodService.exe
    PID: 5916 ( 720) wmpnetwk.exe
    PID: 4840 ( 720) VSSVC.exe
    size: 1055232
    PID: 4764 ( 720) svchost.exe
    size: 21504
    PID: 5808 (2904) wermgr.exe
    size: 56320
    PID: 3192 ( 720) svchost.exe
    size: 21504
    PID: 5376 (3192) taskeng.exe
    size: 171520
    PID: 216 (2040) GoogleUpdate.exe


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 13.04.2011 02:19:34

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\SYSTEM32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.msn.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.msn.com/


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD-Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD-Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD-Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD-Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD-Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD-Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: RSVP-TCPv6-Dienstanbieter
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP-TCP-Dienstanbieter
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP-UDPv6-Dienstanbieter
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP-UDP-Dienstanbieter
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{064EBB9D-4C9E-4D41-8D40-E669A599348F}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{064EBB9D-4C9E-4D41-8D40-E669A599348F}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *


  3. #3
    Senior Member Yodama
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    The following 3 autorun entries are extremely suspicious, for a start:

    Located: HK_CU:Run, Compinit
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: rundll32 "C:\Windows\Devifc.dll",DllEntryPoint
    file: C:\Windows\Devifc.dll

    Located: HK_CU:Run, F.lux
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: "C:\Users\Muecke\Local Settings\Apps\F.lux\flux.exe" /noshow
    file: C:\Users\Muecke\Local Settings\Apps\F.lux\flux.exe
    size: 966656
    MD5: A1F86A5A0DA1BEC12B7DD19C6234BB15

    Located: HK_CU:Run, Ygesunanerulato
    where: S-1-5-21-857499010-4245490431-3267434082-1000...
    command: rundll32.exe "C:\Users\Muecke\AppData\Local\roler3DE.dll",Startup
    file: "C:\Users\Muecke\AppData\Local\roler3DE.dll"

    It is very likely that there are more traces of malware on the computer.

    The best thing is to contact us by e-mail, as in the other thread (detections@spybot.info), so that we can send you the file to see where further suspicious files are located.

    Ideally, also include a link to this thread in the e-mail, so that we can more easily make the connection.
    born in the shadow to die in the shadow, that is the fate of the shinobi
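
As an added example (not part of the post and not Spybot's own logic), the kind of triage behind that judgement can be run over the three entries quoted above: it flags autoruns that start a DLL through rundll32 from outside System32, and targets in user-writable profile paths. The flag names, the directory lists and the fourth `ExampleTool` entry are assumptions made for this example.

```python
import ntpath
import re

# Entries 1-3 are quoted from the post above; entry 4 is constructed for contrast.
SAMPLE_REPORT = r'''
Located: HK_CU:Run, Compinit
where: S-1-5-21-857499010-4245490431-3267434082-1000...
command: rundll32 "C:\Windows\Devifc.dll",DllEntryPoint
file: C:\Windows\Devifc.dll

Located: HK_CU:Run, F.lux
where: S-1-5-21-857499010-4245490431-3267434082-1000...
command: "C:\Users\Muecke\Local Settings\Apps\F.lux\flux.exe" /noshow
file: C:\Users\Muecke\Local Settings\Apps\F.lux\flux.exe
size: 966656
MD5: A1F86A5A0DA1BEC12B7DD19C6234BB15

Located: HK_CU:Run, Ygesunanerulato
where: S-1-5-21-857499010-4245490431-3267434082-1000...
command: rundll32.exe "C:\Users\Muecke\AppData\Local\roler3DE.dll",Startup
file: "C:\Users\Muecke\AppData\Local\roler3DE.dll"

Located: HK_LM:Run, ExampleTool
command: "C:\Program Files\ExampleTool\tool.exe" /tray
file: C:\Program Files\ExampleTool\tool.exe
'''

FIELD_RE = re.compile(r'^\s*(Located|where|command|file|size|MD5):\s*(.*)$')
CMD_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$')
DLL_ARG_RE = re.compile(r'\s*(?:"([^"]+)"|([^,\s]+))\s*,?\s*(\S*)')

# Assumption: Windows lives in C:\Windows, as the TDSS report in this thread states.
SYSTEM_DLL_DIRS = (r'c:\windows\system32', r'c:\windows\syswow64')
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\local settings\\', '\\temp\\')


def parse_entries(report):
    """Split the report text into one dict per 'Located:' block."""
    entries, current = [], None
    for line in report.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == 'Located':
            location, _, name = value.partition(',')
            current = {'location': location.strip(), 'name': name.strip()}
            entries.append(current)
        elif current is not None:
            current[key.lower()] = value
    return entries


def split_command(command):
    """Return (executable, remaining arguments) for a Run-key command line."""
    m = CMD_RE.match(command)
    if not m:
        return '', ''
    return m.group(1) or m.group(2), m.group(3)


def rundll32_target(args):
    """Return (dll path, export name) from rundll32's argument string."""
    m = DLL_ARG_RE.match(args)
    if not m or not (m.group(1) or m.group(2)):
        return None, None
    return m.group(1) or m.group(2), m.group(3)


def triage(entry):
    """Attach heuristic flags to one autorun entry."""
    exe, args = split_command(entry.get('command', ''))
    flags, target = [], exe
    if ntpath.basename(exe).lower() in ('rundll32', 'rundll32.exe'):
        dll, _export = rundll32_target(args)
        if dll:
            # The process list will only show rundll32; the DLL is the real payload.
            flags.append('rundll32')
            target = dll
            folder = ntpath.dirname(ntpath.normpath(dll)).lower()
            if folder not in SYSTEM_DLL_DIRS:
                flags.append('dll-outside-system32')
    if any(marker in target.lower() for marker in USER_WRITABLE_MARKERS):
        flags.append('user-writable-path')
    return {'name': entry['name'], 'target': target, 'flags': flags}


def triage_report(report):
    """Triage every entry and list the most heavily flagged ones first."""
    rows = [triage(e) for e in parse_entries(report)]
    return sorted(rows, key=lambda r: -len(r['flags']))


if __name__ == '__main__':
    for row in triage_report(SAMPLE_REPORT):
        print(f"{len(row['flags'])}  {row['name']:<16} {row['target']}  {row['flags']}")
```

A flag is a reason to inspect the file, not a verdict: F.lux collects one flag only because it runs from the user profile.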


  4. #4
    Junior Member
    Join Date
    Apr 2011
    Posts
    8

    Default

    Hello.
    Right, those 2 were suspicious and also infected! F.lux was just a program for dimming the screen, but I didn't quite trust it either...

    I have now completely wiped C:\ because I didn't know what else to do and want the system 100% clean. D: and E:, however, I left in their original state because they only hold data such as music, films, etc.

    But Click.Giftload is still there. I have now created another new log file with Spybot.

    You will probably need more information for this. But why the hell is it still there even though I formatted C:?

  5. #5
    Junior Member
    Join Date
    Apr 2011
    Posts
    8

    Default

    I formatted with Partition Wizard and reinstalled using the Vista recovery CDs, in case that is relevant.

  6. #6
    Expert-Visiting Fellow
    Join Date
    Oct 2005
    Location
    Nordhorn/Germany
    Posts
    853

    Default

    Please use TDSS Killer according to the instructions
    http://support.kaspersky.com/de/faq/?qid=207620123
    and please post the report

    and create a DDS report:
    http://download.bleepingcomputer.com/sUBs/dds.scr
    Download it to the desktop and run it.

    Two logs will open, dds.txt and attach.txt. Please post the contents of the dds.txt file here.
    Best regards, Ralf

  7. #7
    Junior Member
    Join Date
    Apr 2011
    Posts
    8

    Default

    The TDSS report

    2011/04/15 16:27:35.0992 4472 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/15 16:27:36.0945 4472 ================================================================================
    2011/04/15 16:27:36.0945 4472 SystemInfo:
    2011/04/15 16:27:36.0945 4472
    2011/04/15 16:27:36.0945 4472 OS Version: 6.0.6001 ServicePack: 1.0
    2011/04/15 16:27:36.0945 4472 Product type: Workstation
    2011/04/15 16:27:36.0946 4472 ComputerName: MUECKE-PC
    2011/04/15 16:27:36.0946 4472 UserName: Muecke
    2011/04/15 16:27:36.0946 4472 Windows directory: C:\Windows
    2011/04/15 16:27:36.0946 4472 System windows directory: C:\Windows
    2011/04/15 16:27:36.0946 4472 Processor architecture: Intel x86
    2011/04/15 16:27:36.0946 4472 Number of processors: 4
    2011/04/15 16:27:36.0946 4472 Page size: 0x1000
    2011/04/15 16:27:36.0946 4472 Boot type: Normal boot
    2011/04/15 16:27:36.0946 4472 ================================================================================
    2011/04/15 16:27:37.0321 4472 Initialize success
    2011/04/15 16:27:44.0060 2480 ================================================================================
    2011/04/15 16:27:44.0060 2480 Scan started
    2011/04/15 16:27:44.0060 2480 Mode: Manual;
    2011/04/15 16:27:44.0060 2480 ================================================================================
    2011/04/15 16:28:51.0187 2480 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/04/15 16:28:52.0118 2480 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/04/15 16:28:53.0052 2480 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/04/15 16:28:54.0452 2480 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/15 16:28:56.0294 2480 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/04/15 16:28:57.0212 2480 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/04/15 16:28:58.0158 2480 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/04/15 16:28:59.0091 2480 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/04/15 16:29:00.0012 2480 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/04/15 16:29:00.0933 2480 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/04/15 16:29:01.0888 2480 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/04/15 16:29:02.0805 2480 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/04/15 16:29:03.0730 2480 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/04/15 16:29:04.0665 2480 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
    2011/04/15 16:29:05.0637 2480 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/04/15 16:29:06.0571 2480 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/04/15 16:29:07.0589 2480 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/04/15 16:29:08.0589 2480 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/04/15 16:29:09.0607 2480 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/04/15 16:29:10.0632 2480 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/04/15 16:29:11.0580 2480 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/04/15 16:29:12.0612 2480 mfeavfk (21dd45cae791d0cde10631b80f16f653) C:\Windows\system32\drivers\mfeavfk.sys
    2011/04/15 16:29:13.0537 2480 mfebopk (decde1c615c256fa2893b5962b0b91e5) C:\Windows\system32\drivers\mfebopk.sys
    2011/04/15 16:29:14.0465 2480 mfehidk (f85cd2b918202b7ee49757c361c7eac2) C:\Windows\system32\drivers\mfehidk.sys
    2011/04/15 16:29:15.0389 2480 mferkdk (5f33a57f904b64d1c6a548eca47a8656) C:\Windows\system32\drivers\mferkdk.sys
    2011/04/15 16:29:16.0289 2480 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys
    2011/04/15 16:29:17.0199 2480 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/04/15 16:29:18.0116 2480 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/15 16:29:19.0048 2480 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/04/15 16:29:19.0965 2480 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/04/15 16:29:20.0882 2480 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/15 16:29:21.0835 2480 MPFP (96cf5286bc370b558735a7b891232d92) C:\Windows\system32\Drivers\Mpfp.sys
    2011/04/15 16:29:22.0769 2480 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/04/15 16:29:23.0777 2480 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/15 16:29:24.0711 2480 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/04/15 16:29:25.0645 2480 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/15 16:29:26.0655 2480 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/15 16:29:27.0574 2480 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/15 16:29:28.0507 2480 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/15 16:29:29.0432 2480 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2011/04/15 16:29:30.0333 2480 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/04/15 16:29:31.0365 2480 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/04/15 16:29:32.0265 2480 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/04/15 16:29:33.0218 2480 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/15 16:29:34.0127 2480 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/15 16:29:35.0102 2480 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/15 16:29:36.0029 2480 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/15 16:29:36.0987 2480 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/04/15 16:29:37.0912 2480 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/15 16:29:38.0829 2480 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    2011/04/15 16:29:39.0773 2480 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/15 16:29:40.0704 2480 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    2011/04/15 16:29:41.0625 2480 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/15 16:29:42.0559 2480 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/15 16:29:43.0494 2480 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/15 16:29:44.0394 2480 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/15 16:29:45.0311 2480 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/15 16:29:46.0255 2480 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/15 16:29:47.0191 2480 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/04/15 16:29:48.0123 2480 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    2011/04/15 16:29:49.0031 2480 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/15 16:29:49.0993 2480 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/15 16:29:50.0933 2480 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
    2011/04/15 16:29:51.0850 2480 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/04/15 16:29:52.0784 2480 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/04/15 16:29:53.0894 2480 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/04/15 16:29:54.0919 2480 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/04/15 16:29:55.0846 2480 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/04/15 16:29:58.0647 2480 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/04/15 16:29:59.0582 2480 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/04/15 16:30:00.0574 2480 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    2011/04/15 16:30:01.0473 2480 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/04/15 16:30:02.0451 2480 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    2011/04/15 16:30:03.0393 2480 pciide (bf238450e8121b43b13e9c902f9d7b6c) C:\Windows\system32\drivers\pciide.sys
    2011/04/15 16:30:04.0303 2480 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/04/15 16:30:05.0276 2480 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/04/15 16:30:06.0293 2480 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/15 16:30:07.0187 2480 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    2011/04/15 16:30:08.0139 2480 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/15 16:30:09.0075 2480 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
    2011/04/15 16:30:10.0040 2480 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\drivers\PSDNServ.sys
    2011/04/15 16:30:10.0982 2480 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\drivers\psdvdisk.sys
    2011/04/15 16:30:11.0950 2480 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/04/15 16:30:12.0941 2480 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/04/15 16:30:13.0983 2480 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/15 16:30:14.0891 2480 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/15 16:30:15.0850 2480 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/15 16:30:16.0759 2480 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/15 16:30:17.0660 2480 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/15 16:30:18.0588 2480 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/15 16:30:19.0520 2480 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/15 16:30:20.0458 2480 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/04/15 16:30:21.0421 2480 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/15 16:30:22.0368 2480 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/15 16:30:23.0428 2480 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/15 16:30:24.0339 2480 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/04/15 16:30:25.0374 2480 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/04/15 16:30:26.0299 2480 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/04/15 16:30:27.0208 2480 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/04/15 16:30:28.0175 2480 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/04/15 16:30:29.0117 2480 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/04/15 16:30:30.0079 2480 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/04/15 16:30:31.0029 2480 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/04/15 16:30:31.0987 2480 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/04/15 16:30:32.0988 2480 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/04/15 16:30:33.0913 2480 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/04/15 16:30:34.0846 2480 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/04/15 16:30:35.0871 2480 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/15 16:30:36.0804 2480 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/04/15 16:30:37.0730 2480 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/15 16:30:38.0639 2480 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/15 16:30:39.0572 2480 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/15 16:30:40.0524 2480 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/04/15 16:30:41.0466 2480 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/04/15 16:30:42.0383 2480 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/04/15 16:30:43.0308 2480 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/04/15 16:30:44.0275 2480 Tcpip (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
    2011/04/15 16:30:45.0225 2480 Tcpip6 (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/15 16:30:46.0161 2480 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/15 16:30:47.0070 2480 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/15 16:30:47.0979 2480 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/15 16:30:48.0902 2480 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/15 16:30:49.0835 2480 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
    2011/04/15 16:30:50.0802 2480 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/15 16:30:51.0735 2480 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/04/15 16:30:52.0661 2480 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/15 16:30:53.0605 2480 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\Windows\system32\drivers\tvicport.sys
    2011/04/15 16:30:54.0587 2480 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/04/15 16:30:55.0511 2480 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
    2011/04/15 16:30:56.0457 2480 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/15 16:30:57.0406 2480 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/04/15 16:30:58.0410 2480 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/04/15 16:30:59.0426 2480 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/04/15 16:31:00.0477 2480 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/04/15 16:31:01.0503 2480 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/04/15 16:31:02.0462 2480 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/04/15 16:31:03.0370 2480 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/04/15 16:31:04.0287 2480 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/15 16:31:05.0214 2480 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/04/15 16:31:06.0128 2480 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/04/15 16:31:07.0075 2480 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/04/15 16:31:08.0033 2480 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/15 16:31:08.0967 2480 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/15 16:31:09.0901 2480 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/15 16:31:10.0817 2480 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/04/15 16:31:11.0760 2480 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/04/15 16:31:12.0710 2480 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/04/15 16:31:13.0635 2480 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/04/15 16:31:14.0579 2480 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/04/15 16:31:15.0525 2480 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/15 16:31:16.0459 2480 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    2011/04/15 16:31:17.0377 2480 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/04/15 16:31:18.0452 2480 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/04/15 16:31:19.0361 2480 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/15 16:31:19.0402 2480 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/15 16:31:20.0344 2480 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/04/15 16:31:21.0269 2480 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/15 16:31:22.0298 2480 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/04/15 16:31:23.0240 2480 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/15 16:31:24.0267 2480 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/15 16:31:25.0230 2480 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
    2011/04/15 16:31:26.0167 2480 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\Windows\system32\drivers\zntport.sys
    2011/04/15 16:31:26.0288 2480 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/15 16:31:26.0296 2480 ================================================================================
    2011/04/15 16:31:26.0296 2480 Scan finished
    2011/04/15 16:31:26.0296 2480 ================================================================================
    2011/04/15 16:31:26.0316 5872 Detected object count: 1
    2011/04/15 16:31:56.0744 5872 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/15 16:31:56.0744 5872 \HardDisk1 - ok
    2011/04/15 16:31:56.0748 5872 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2011/04/15 16:34:18.0973 6020 Deinitialize success

  8. #8
    Junior Member
    Join Date
    Apr 2011
    Posts
    8

    The DDS report

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Muecke at 16:43:20,28 on 15.04.2011
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.2047 [GMT 2:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\mobsync.exe
    E:\Programme\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Muecke\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.hiergehtslos.de
    mStart Page = hxxp://de.intl.acer.yahoo.com
    mDefault_Page_URL = hxxp://de.intl.acer.yahoo.com
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6172\SiteAdv.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
    mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [Skytel] Skytel.exe
    mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
    mRun: [eRecoveryService]
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    TCP: {FD154607-F035-4542-A0F6-A1B8267E1D97} = 213.191.74.19 62.109.123.197
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\muecke\appdata\roaming\mozilla\firefox\profiles\qvk40ax2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.hiergehtslos.de
    FF - plugin: e:\programme\videolan\vlc\npvlc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-16 201288]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-3-16 269448]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-2-25 21752]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-16 24576]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-3-16 359248]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-3-16 144704]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-2-25 49152]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-2-25 131072]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-3-16 695624]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-16 79304]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-16 35240]
    R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-3-16 40488]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-3-16 33800]
    .
    =============== Created Last 30 ================
    .
    2011-04-15 14:22:06 -------- d-----w- c:\users\muecke\appdata\roaming\mIRC
    2011-04-15 12:32:32 -------- d-----w- c:\users\muecke\appdata\local\Mozilla
    2011-04-15 07:10:41 187392 ----a-w- c:\windows\Acer(Normal).scr
    2011-04-15 07:10:40 187392 ----a-w- c:\windows\Acer(Wide).scr
    2011-04-15 07:10:40 -------- d-----w- c:\windows\Acer_Wide
    2011-04-15 07:10:40 -------- d-----w- c:\program files\Acer Incorporated
    2011-04-15 07:07:38 -------- d-----w- c:\windows\Acer_Normal
    2011-04-15 07:03:20 -------- d-----w- c:\users\muecke\appdata\local\Downloaded Installations
    2011-04-15 06:58:53 98360 ----a-w- c:\windows\system32\hcwi2c32.dll
    2011-04-15 06:58:53 36921 ----a-w- c:\windows\system32\hcwutl32_priv.dll
    2011-04-15 06:58:53 36921 ----a-w- c:\windows\system32\hcwutl32.dll
    2011-04-15 06:58:53 262200 ----a-w- c:\windows\system32\hcwpnp32_priv.dll
    2011-04-15 06:58:53 262200 ----a-w- c:\windows\system32\hcwpnp32.dll
    2011-04-15 06:58:27 -------- d-----w- c:\users\muecke\appdata\local\Adobe
    2011-04-15 06:55:27 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-04-15 06:55:04 -------- d-----w- c:\program files\YUAN
    2011-04-15 06:54:09 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
    2011-04-15 06:54:09 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
    2011-04-15 06:54:09 16440 ----a-w- c:\windows\system32\drivers\pciide.sys
    2011-04-15 06:54:09 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
    2011-04-15 06:53:43 29240 ----a-w- c:\windows\system32\drivers\Dumpata.sys
    2011-04-15 06:52:51 -------- d-----w- c:\users\muecke\appdata\local\ATI
    2011-04-15 06:52:44 -------- d-----w- c:\users\muecke\appdata\local\PowerCinema
    2011-04-15 06:52:42 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-04-15 06:52:00 -------- d-----w- c:\users\muecke\appdata\roaming\SiteAdvisor
    2011-04-15 06:46:51 -------- d-sh--we C:\Programme
    2011-04-15 06:46:51 -------- d-sh--we c:\program files\Gemeinsame Dateien
    2011-04-15 06:46:51 -------- d-sh--we c:\progra~2\Vorlagen
    2011-04-15 06:46:51 -------- d-sh--we c:\progra~2\Startmenü
    2011-04-15 06:46:51 -------- d-sh--we c:\progra~2\Favoriten
    2011-04-15 06:46:51 -------- d-sh--we c:\progra~2\Dokumente
    2011-04-15 06:46:51 -------- d-sh--we c:\progra~2\Anwendungsdaten
    2011-04-15 06:46:51 -------- d-sh--we C:\Dokumente und Einstellungen
    2011-04-15 06:43:11 697344 ----a-w- c:\windows\system32\RtkPgExt.dll
    2011-04-15 06:43:11 5369856 ----a-w- c:\windows\RtHDVCpl.exe
    2011-04-15 06:43:11 2160640 ----a-w- c:\windows\system32\RtkAPO.dll
    2011-04-15 06:43:11 2103512 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2011-04-15 06:43:11 140800 ----a-w- c:\windows\system32\FMAPO.dll
    2011-04-15 06:41:40 -------- d-----w- c:\program files\ATI Technologies
    2011-04-15 06:41:33 0 ----a-w- c:\windows\ativpsrm.bin
    2011-04-15 06:41:13 -------- d-----w- c:\program files\ATI
    .
    ==================== Find3M ====================
    .
    2011-04-15 06:43:14 319456 ----a-w- c:\windows\DIFxAPI.dll
    .
    ============= FINISH: 16:44:01,03 ===============

  9. #9
    Expert-Visiting Fellow
    Join Date
    Oct 2005
    Location
    Nordhorn/Germany
    Posts
    853

    Default

    Please run a few control scans with ESET's online scanner
    http://www.trojaner-board.de/80603-e...ner-nod32.html
    and Emsi's Emergency Kit
    http://www.emsisoft.de/de/software/eek/

    Please post the results. You should get a more up-to-date AV program. Your McAfee is extremely outdated......
    Best regards, Ralf

  10. #10
    Junior Member
    Join Date
    Apr 2011
    Posts
    8

    Default

    Yes, I already have an up-to-date virus scanner. That one was on there because I had reinstalled the system. I have Avira now.

    Phew, that took a long time.

    Here is the ESET log.


    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=33ef8cf217d5534cbeb2fa32fb85a4d0
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-04-15 06:43:13
    # local_time=2011-04-15 08:43:13 (+0100, Mitteleuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=6.0.6001 NT Service Pack 1
    # compatibility_mode=1797 16775165 100 94 0 39421281 0 0
    # compatibility_mode=5121 16776573 83 96 27033 117605962 0 0
    # compatibility_mode=5892 16776573 100 95 101997951 140413588 0 0
    # compatibility_mode=8192 67108863 100 0 92 92 0 0
    # scanned=289199
    # found=0
    # cleaned=0
    # scan_time=12145
