
Hello from Germany.

My laptop is infected.

Online banking doesn't work. The request is redirected to a server in Paris. This server is working for a company in Great Britain. BTW, I put a Linux firewall between my laptop and the Internet and captured the IP traffic via iptraf.

Some boot CDs with current antivirus software don't find any problem ... G Data BootCD, c't rescue CD (early 2010) with current signatures, and some more.

But Malwarebytes found this:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5484

Windows 5.1.2600 Service Pack 3, v.5913

Internet Explorer 8.0.6001.18702

08.01.2011 21:56:30

mbam-log-2011-01-08 (21-56-30).txt

Scan type: Quick scan

Objects scanned: 153950

Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

What's the best way to proceed?

Please note that Windows is not my favorite OS ... normally I use Linux, Solaris and Mac OS X. But I need the Windows XP Pro laptop for service jobs.

Thanks in advance

Michael



Please don't attach the scan results; use Copy/Paste.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, Firefox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Hello LDTate.

Thank you for your reply.

This way doesn't work ... same issue as before.

BTW: After every reboot, both before and after your steps, there are new files in the c:\windows\temp directory like this:

Volume in Laufwerk C: hat keine Bezeichnung.

Volumeseriennummer: 88B1-AC82

Verzeichnis von C:\WINDOWS\Temp

08.01.2011 23:05 <DIR> .

08.01.2011 23:05 <DIR> ..

08.01.2011 22:54 72.704 srvwplay.exe << new.file !!!

08.01.2011 22:53 0 T30DebugLogFile.txt

08.01.2011 22:53 <DIR> tmp00000998

08.01.2011 22:53 483 WGAErrLog.txt

08.01.2011 22:38 72.704 winn.exe << new.file !!!

08.01.2011 23:03 <DIR> _avast4_

4 Datei(en) 145.891 Bytes

4 Verzeichnis(se), 21.826.449.408 Bytes frei

The names of these files change at every reboot, but the size is the same every time.

Alert: This laptop is actively hijacked. I'm not able to send you this reply directly. The Malwarebytes site is now also redirected.

I copied this answer into a txt file on a USB stick and am sending it now via my Ubuntu 10.04 workstation.

The Logs:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 22:43 on 08/01/2011 (werner)

Firefox version 3.6.13 (de)

========== GooredScan ==========

========== GooredLog ==========

C:\Programme\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:38 29/07/2010]

{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [18:34 16/12/2010]

{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [10:19 24/12/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:37 10/08/2009]

-=E.O.F=-

2011/01/08 22:48:11.0781 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/08 22:48:11.0781 ================================================================================

2011/01/08 22:48:11.0781 SystemInfo:

2011/01/08 22:48:11.0781

2011/01/08 22:48:11.0781 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/08 22:48:11.0781 Product type: Workstation

2011/01/08 22:48:11.0781 ComputerName: LP-LFB067

2011/01/08 22:48:11.0781 UserName: werner

2011/01/08 22:48:11.0781 Windows directory: C:\WINDOWS

2011/01/08 22:48:11.0781 System windows directory: C:\WINDOWS

2011/01/08 22:48:11.0781 Processor architecture: Intel x86

2011/01/08 22:48:11.0781 Number of processors: 2

2011/01/08 22:48:11.0781 Page size: 0x1000

2011/01/08 22:48:11.0781 Boot type: Normal boot

2011/01/08 22:48:11.0781 ================================================================================

2011/01/08 22:48:12.0046 Initialize success

2011/01/08 22:48:27.0562 ================================================================================

2011/01/08 22:48:27.0562 Scan started

2011/01/08 22:48:27.0562 Mode: Manual;

2011/01/08 22:48:27.0562 ================================================================================


2011/01/08 22:48:43.0640 ================================================================================

2011/01/08 22:48:43.0640 Scan finished

2011/01/08 22:48:43.0640 ================================================================================

2011/01/08 22:50:16.0812 Deinitialize success

Any hints ?

Thanks

Michael
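The indicator Michael describes above (dropper copies in C:\WINDOWS\Temp whose names change at every reboot while the byte size stays at 72.704) can be checked mechanically. The following is an added example, not code from the thread or from any of the tools mentioned: it parses the German-locale `dir` listing quoted in the post, flags executables that share a byte size, and compares two boots for sizes that reappear under entirely new names. The second snapshot and its two file names (qvtmon.exe, hlpsvc.exe) are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample input, shaped like the German-locale `dir C:\WINDOWS\Temp`
# listing quoted in the post. File names and sizes are the ones from the post.
DIR_BOOT_1 = """\
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 88B1-AC82

 Verzeichnis von C:\\WINDOWS\\Temp

08.01.2011  23:05    <DIR>          .
08.01.2011  23:05    <DIR>          ..
08.01.2011  22:54            72.704 srvwplay.exe
08.01.2011  22:53                 0 T30DebugLogFile.txt
08.01.2011  22:53    <DIR>          tmp00000998
08.01.2011  22:53               483 WGAErrLog.txt
08.01.2011  22:38            72.704 winn.exe
08.01.2011  23:03    <DIR>          _avast4_
               4 Datei(en)        145.891 Bytes
               4 Verzeichnis(se), 21.826.449.408 Bytes frei
"""

# Constructed second snapshot: the post says the names change at every reboot
# while the size stays equal, so the two .exe names here are hypothetical,
# the 72.704-byte size is the one reported.
DIR_BOOT_2 = """\
 Verzeichnis von C:\\WINDOWS\\Temp

09.01.2011  08:12    <DIR>          .
09.01.2011  08:12    <DIR>          ..
09.01.2011  08:11            72.704 qvtmon.exe
09.01.2011  08:11               483 WGAErrLog.txt
09.01.2011  08:10            72.704 hlpsvc.exe
               3 Datei(en)        145.891 Bytes
"""

# One `dir` entry: DD.MM.YYYY  HH:MM  (<DIR> | size with '.' thousands separator)  name
ENTRY_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?:(?P<dir><DIR>)|(?P<size>[\d.]+))\s+(?P<name>.+?)\s*$"
)

# Extensions worth grouping; data files with equal sizes are not interesting here.
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".com")


def parse_dir_listing(text):
    """Return {name: size_in_bytes} for regular files in a German `dir` listing.
    Directory entries and the header/summary lines are skipped; '72.704' -> 72704."""
    files = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m or m.group("dir"):
            continue
        files[m.group("name")] = int(m.group("size").replace(".", ""))
    return files


def same_size_executables(files, min_count=2):
    """Group executables by byte size and return {size: sorted names} for every
    size shared by at least min_count files: unrelated names, identical size."""
    by_size = defaultdict(list)
    for name, size in files.items():
        if name.lower().endswith(EXEC_EXT):
            by_size[size].append(name)
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_count}


def rotating_names(snapshot_a, snapshot_b):
    """Sizes whose executables occur in both snapshots but under completely
    different names: the 'new names every reboot, same size' indicator."""
    a = same_size_executables(snapshot_a, min_count=1)
    b = same_size_executables(snapshot_b, min_count=1)
    return sorted(
        size for size in a.keys() & b.keys() if not set(a[size]) & set(b[size])
    )


if __name__ == "__main__":
    boot1 = parse_dir_listing(DIR_BOOT_1)
    boot2 = parse_dir_listing(DIR_BOOT_2)
    for size, names in same_size_executables(boot1).items():
        print(f"boot 1: {len(names)} executables of {size} bytes: {', '.join(names)}")
    for size in rotating_names(boot1, boot2):
        print(f"{size}-byte executables reappear under new names after reboot")
```

Against a live machine the same functions can be fed the output of `dir %WINDIR%\Temp` captured once per boot; a size that keeps reappearing under fresh names is the file to hash and submit for analysis.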

rumi@RumiLL64:/media/disk$ more antwort1..txt

Hello LDTate.

thank you for your reply.

This way doesn't work ... same issue as before.

BTW.: After every reboot before and after your way there new files in the c:\windows\temp-directory like this

Volume in Laufwerk C: hat keine Bezeichnung.

Volumeseriennummer: 88B1-AC82

Verzeichnis von C:\WINDOWS\Temp

08.01.2011 23:05 <DIR> .

08.01.2011 23:05 <DIR> ..

08.01.2011 22:54 72.704 srvwplay.exe << new.file !!!

08.01.2011 22:53 0 T30DebugLogFile.txt

08.01.2011 22:53 <DIR> tmp00000998

08.01.2011 22:53 483 WGAErrLog.txt

08.01.2011 22:38 72.704 winn.exe << new.file !!!

08.01.2011 23:03 <DIR> _avast4_

4 Datei(en) 145.891 Bytes

4 Verzeichnis(se), 21.826.449.408 Bytes frei

The names of these files are changing every reboot, but this size is every time equal.

The Logs:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 22:43 on 08/01/2011 (werner)

Firefox version 3.6.13 (de)

========== GooredScan ==========

========== GooredLog ==========

C:\Programme\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:38 29/07/2010]

{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [18:34 16/12/2010]

{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [10:19 24/12/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:37 10/08/2009]

-=E.O.F=-

2011/01/08 22:48:11.0781 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/08 22:48:11.0781 ================================================================================

2011/01/08 22:48:11.0781 SystemInfo:

2011/01/08 22:48:11.0781

2011/01/08 22:48:11.0781 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/08 22:48:11.0781 Product type: Workstation

2011/01/08 22:48:11.0781 ComputerName: LP-LFB067

2011/01/08 22:48:11.0781 UserName: werner

2011/01/08 22:48:11.0781 Windows directory: C:\WINDOWS

2011/01/08 22:48:11.0781 System windows directory: C:\WINDOWS

2011/01/08 22:48:11.0781 Processor architecture: Intel x86

2011/01/08 22:48:11.0781 Number of processors: 2

2011/01/08 22:48:11.0781 Page size: 0x1000

2011/01/08 22:48:11.0781 Boot type: Normal boot

2011/01/08 22:48:11.0781 ================================================================================

2011/01/08 22:48:12.0046 Initialize success

2011/01/08 22:48:27.0562 ================================================================================

2011/01/08 22:48:27.0562 Scan started

2011/01/08 22:48:27.0562 Mode: Manual;

2011/01/08 22:48:27.0562 ================================================================================


2011/01/08 22:48:43.0640 ================================================================================

2011/01/08 22:48:43.0640 Scan finished

2011/01/08 22:48:43.0640 ================================================================================

2011/01/08 22:50:16.0812 Deinitialize success

Any hints?

Thanks

Michael


Doesn't appear to be a rootkit, which is good.

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2: If using this link, right-click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Now I have the problem that I'm not able to stop G-Data via autostart :-(

Some G-Data programs are already running ... also after reboot ... should I uninstall G-Data?

Thanks, Michael

If you have to, but most of the time CF will still run with it active.


Hi LDTate,

It seems to be working well, but when I tried to post the CF result the internet communication stopped ... don't know. The firewall logs don't show any activity.

I remember regedit was infected and disinfected ... but now I'm running a scan from a boot CD with Avira.

Sorry ... it's late in Germany ... I must go to bed.

Thanks a lot ... sent from my Ubuntu workstation.

Michael


Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs

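As an added example (not part of the thread and not OTL's own code), a Python triage helper for the OTL Win32 Services and Driver Services sections in the format the log below uses: it parses each PRC/MOD/SRV/DRV line and lists registrations whose file is missing and images that carry no company name, which are the two things a helper looks at first in such a log. The sample lines are constructed in OTL's format; the names and paths mirror entries posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class OtlEntry:
    kind: str               # PRC, MOD, SRV or DRV
    name: Optional[str]     # service/driver name in parentheses; None for PRC/MOD
    path: str               # image path exactly as OTL printed it
    company: Optional[str]  # company from version info; "" if none, None if file missing
    missing: bool           # True when OTL reported "File not found"


_KIND_RE = re.compile(r'^(PRC|MOD|SRV|DRV) - (.*)$')
_COMPANY_RE = re.compile(r'^(.*) \(([^()]*)\)$')
MISSING = ' File not found'


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL SafeList line; return None for headers and other text."""
    m = _KIND_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    name = None
    if rest.startswith('('):
        # "(Name) optional description -- path ..." (SRV and DRV lines)
        sep = rest.find(' -- ')
        if sep < 0:
            return None
        name = rest[1:rest.index(')')]
        rest = rest[sep + len(' -- '):]
    if rest.endswith(MISSING):
        # Registration points at a file that no longer exists: leftover of an
        # uninstalled product or tool, or of a component something removed.
        return OtlEntry(kind, name, rest[:-len(MISSING)], None, True)
    m = _COMPANY_RE.match(rest)
    if not m:
        return None
    return OtlEntry(kind, name, m.group(1), m.group(2), False)


def triage(log_text: str) -> dict:
    """Group entries worth a second look: missing files, and images with no company name."""
    findings = {"missing_file": [], "no_company": []}
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        if entry.missing:
            findings["missing_file"].append(entry)
        elif not entry.company:
            # No version-info company: could be a home-grown tool or an unsigned
            # dropped binary; verify the file (hash, signer, install source) by hand.
            findings["no_company"].append(entry)
    return findings


# Constructed sample in OTL's SafeList format (not a real OTL run).
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - (DataSvr2) -- C:\Programme\Wave Systems Corp\Common\DataServer.exe File not found
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (tcsd_win32.exe) -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys (Acronis)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
MOD - C:\WINDOWS\system32\detoured.dll ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for reason, entries in result.items():
        print(f"== {reason} ({len(entries)})")
        for e in entries:
            print(f"  {e.kind} {e.name or '-'}: {e.path}")
```

The catchme entry in the sample shows why "File not found" is not by itself a malware sign: it is the scanner driver ComboFix registers under C:\ComboFix, left behind after the run earlier in this thread.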

Good morning from Germany,

the OTL log file:

OTL logfile created on: 09.01.2011 11:19:02 - Run 3

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Dokumente und Einstellungen\werner\Desktop

Windows XP Professional Edition Service Pack 3, v.5913 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 473,00 Mb Available Physical Memory | 46,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 55,80 Gb Total Space | 20,73 Gb Free Space | 37,15% Space Free | Partition Type: NTFS

Drive D: | 313,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LP-LFB067 | User Name: werner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\werner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)

PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Programme\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\werner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wxvault.dll ()

MOD - C:\WINDOWS\system32\detoured.dll ()

========== Win32 Services (SafeList) ==========

SRV - (DataSvr2) -- C:\Programme\Wave Systems Corp\Common\DataServer.exe File not found

SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)

SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (afcdpsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis)

SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (tcsd_win32.exe) -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()

SRV - (NICCONFIGSVC) -- C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found

DRV - (PavSRK.sys) -- C:\WINDOWS\System32\PavSRK.sys File not found

DRV - (NgVpn) -- C:\WINDOWS\System32\DRIVERS\ngvpn.sys File not found

DRV - (NgLog) -- C:\WINDOWS\System32\DRIVERS\nglog.sys File not found

DRV - (NgFilter) -- C:\WINDOWS\System32\DRIVERS\ngfilter.sys File not found

DRV - (ComFiltr) -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)

DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys (Acronis)

DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (CBUSB) -- C:\WINDOWS\system32\drivers\CBUSB.SYS (MARX CryptoTech LP)

DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)

DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\pbadrv.sys (Dell Inc)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM GmbH)

DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E 8E F4 C2 18 2F CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;vpn.kampa.de;www.kampa-ag.de;www.pcvisit.de;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.99.20:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..network.proxy.ftp: "192.168.99.20"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.gopher: "192.168.99.20"

FF - prefs.js..network.proxy.gopher_port: 8080

FF - prefs.js..network.proxy.http: "192.168.99.20"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.no_proxies_on: "192.168.*.*,vpn.kampa.de,www.kampa-ag.de,www.pcvisit.de,localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.99.20"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "192.168.99.20"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.24 09:51:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.01.08 11:12:35 | 000,000,000 | ---D | M]

[2010.07.29 13:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\werner\Anwendungsdaten\Mozilla\Extensions

[2011.01.08 11:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\werner\Anwendungsdaten\Mozilla\Firefox\Profiles\klskt669.default\extensions

[2010.08.02 14:47:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\werner\Anwendungsdaten\Mozilla\Firefox\Profiles\klskt669.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.12.24 11:14:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\werner\Anwendungsdaten\Mozilla\Firefox\Profiles\klskt669.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.01.09 01:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.12.24 11:19:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.10.26 16:25:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.10.26 16:25:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.10.26 16:25:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.10.26 16:25:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.10.26 16:25:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.01.09 01:07:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: &Ins Deutsche


Did you set up a proxy server?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;vpn.kampa.de;www.kampa-ag.de;www.pcvisit.de;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.99.20:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..network.proxy.ftp: "192.168.99.20"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.gopher: "192.168.99.20"

FF - prefs.js..network.proxy.gopher_port: 8080

FF - prefs.js..network.proxy.http: "192.168.99.20"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.no_proxies_on: "192.168.*.*,vpn.kampa.de,www.kampa-ag.de,www.pcvisit.de,localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.99.20"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "192.168.99.20"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 0


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With admin rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

It is very important that these steps be carried out exactly as shown, otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop-down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to right-click the file and choose Run as administrator to run it. With User Account Control on, it should ask permission to run it. Click Yes.
  • This will flash a black DOS box very quickly and go away; this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates
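As an added illustration for the proxy question above and the fixme.bat cleanup that follows it (this is not code from the thread, from OTL or from Malwarebytes), the script below parses the IE "Internet Settings" and Firefox network.proxy.* lines out of an OTL log and tells the proxy entries that are actually routing traffic apart from the ones merely left behind in the registry and prefs.js. The sample log excerpts are constructed from the values quoted in this thread, and the set of trusted proxy hosts is an assumption the operator supplies.

```python
"""Audit the proxy settings recorded in an OTL log for signs of a browser proxy hijack.

Illustrative code written for this thread; it is not part of OTL or Malwarebytes.
"""
from __future__ import annotations

import re

# Firefox network.proxy.type semantics: only 1 (manual) makes the per-protocol hosts effective.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "autodetect", 5: "system"}

# OTL prints IE settings as: IE - HKCU\...\Internet Settings: "ProxyServer" = host:port
IE_RE = re.compile(
    r'^IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: '
    r'"(?P<name>\w+)" = (?P<value>.*)$'
)
# ...and Firefox prefs as: FF - prefs.js..network.proxy.http: "host"
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<name>\w+): (?P<value>.*)$')


def _clean(value: str) -> str:
    """Strip whitespace and the quotes OTL prints around string prefs."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return value


def parse_otl_proxy(text: str) -> tuple[dict[str, str], dict[str, str]]:
    """Return (IE Internet Settings values, Firefox network.proxy.* prefs) found in an OTL log."""
    ie: dict[str, str] = {}
    ff: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := IE_RE.match(line):
            ie[m["name"]] = _clean(m["value"])
        elif m := FF_RE.match(line):
            ff[m["name"]] = _clean(m["value"])
    return ie, ff


def _ie_proxy_hosts(server: str) -> set[str]:
    """WinINET ProxyServer is either 'host:port' or 'http=host:port;https=host:port;...'."""
    hosts = set()
    for part in server.split(";"):
        if "=" in part:
            part = part.split("=", 1)[1]
        if part:
            hosts.add(part.rsplit(":", 1)[0])
    return hosts


def audit_proxy(text: str, trusted: frozenset[str] = frozenset()) -> list[str]:
    """Classify proxy config: ACTIVE (traffic is routed now), STALE (left behind), INFO."""
    ie, ff = parse_otl_proxy(text)
    findings: list[str] = []

    # Internet Explorer: ProxyServer is only honoured while ProxyEnable is 1.
    server = ie.get("ProxyServer")
    if server:
        untrusted = sorted(_ie_proxy_hosts(server) - trusted)
        if ie.get("ProxyEnable") != "1":
            findings.append(f"STALE: IE proxy disabled (ProxyEnable={ie.get('ProxyEnable', 'unset')}) "
                            f"but ProxyServer={server} remains")
        elif untrusted:
            findings.append(f"ACTIVE: IE routes traffic through untrusted proxy {server}")
        else:
            findings.append(f"INFO: IE uses trusted proxy {server}")
    if ie.get("ProxyOverride"):
        findings.append(f"INFO: IE proxy bypass list: {ie['ProxyOverride']}")

    # Firefox: the per-protocol hosts only take effect when network.proxy.type is 1 (manual).
    try:
        mode = FF_PROXY_TYPES.get(int(ff.get("type", "0")), "unknown")
    except ValueError:
        mode = "unknown"
    hosts = {ff[k] for k in ("http", "ssl", "ftp", "socks", "gopher") if ff.get(k)}
    if hosts:
        untrusted = sorted(hosts - trusted)
        joined = ", ".join(sorted(hosts))
        if mode != "manual":
            findings.append(f"STALE: Firefox proxy mode is '{mode}' but proxy hosts {joined} remain in prefs.js")
        elif untrusted:
            findings.append(f"ACTIVE: Firefox manual proxy via untrusted host(s) {', '.join(untrusted)}")
        else:
            findings.append(f"INFO: Firefox manual proxy via trusted host(s) {joined}")
    elif mode != "direct":
        findings.append(f"INFO: Firefox proxy mode is '{mode}' with no manual hosts")
    return findings


# Constructed excerpt modelled on the log posted in this thread (proxy switched off, hosts left behind).
SAMPLE_STALE = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.99.20:8080
FF - prefs.js..network.proxy.http: "192.168.99.20"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.99.20"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
"""

# Constructed variant of the same log as it would look if the proxy were switched on.
SAMPLE_ACTIVE = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.99.20:8080
FF - prefs.js..network.proxy.http: "192.168.99.20"
FF - prefs.js..network.proxy.type: 1
"""

if __name__ == "__main__":
    for label, sample in (("stale", SAMPLE_STALE), ("active", SAMPLE_ACTIVE)):
        print(f"--- {label} ---")
        for finding in audit_proxy(sample):
            print(finding)
```

Run against a real OTL.Txt, a STALE result means the fixme.bat style cleanup is housekeeping, while an ACTIVE result against a host nobody configured is the redirect itself.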


Hi LDTate,

the resetlog.txt

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation

old REG_MULTI_SZ =

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain

SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{1DC70277-4326-4845-88F7-3287807959DC}\NetbiosOptions

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{392A53BB-4CF3-4D54-A897-338A419D728F}\NetbiosOptions

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{E85F56E6-4B0A-4DFB-84DF-B707928C074F}\NameServerList

old REG_MULTI_SZ =

<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{E85F56E6-4B0A-4DFB-84DF-B707928C074F}\NetbiosOptions

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{F2FEBECF-1A55-4023-B82B-6EFBB2392979}\NameServerList

old REG_MULTI_SZ =

<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{F2FEBECF-1A55-4023-B82B-6EFBB2392979}\NetbiosOptions

deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1DC70277-4326-4845-88F7-3287807959DC}\Mtu

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1DC70277-4326-4845-88F7-3287807959DC}\TcpWindowSize

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AD7BB4-701F-40E0-8918-11531023A87B}\AddressType

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AD7BB4-701F-40E0-8918-11531023A87B}\DisableDynamicUpdate

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AD7BB4-701F-40E0-8918-11531023A87B}\Mtu

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AD7BB4-701F-40E0-8918-11531023A87B}\RawIpAllowedProtocols

old REG_MULTI_SZ =

0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AD7BB4-701F-40E0-8918-11531023A87B}\TcpAllowedPorts

old REG_MULTI_SZ =

0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AD7BB4-701F-40E0-8918-11531023A87B}\TcpWindowSize

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AD7BB4-701F-40E0-8918-11531023A87B}\UdpAllowedPorts

old REG_MULTI_SZ =

0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{392A53BB-4CF3-4D54-A897-338A419D728F}\Mtu

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{392A53BB-4CF3-4D54-A897-338A419D728F}\TcpWindowSize

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\DisableDynamicUpdate

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\IpAutoconfigurationAddress

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\IpAutoconfigurationMask

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\IpAutoconfigurationSeed

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\Mtu

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\RawIpAllowedProtocols

old REG_MULTI_SZ =

0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\TcpAllowedPorts

old REG_MULTI_SZ =

0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\TcpWindowSize

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60E473E7-76A2-437B-AB94-2B7CDBB3E015}\UdpAllowedPorts

old REG_MULTI_SZ =

0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E85F56E6-4B0A-4DFB-84DF-B707928C074F}\Mtu

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E85F56E6-4B0A-4DFB-84DF-B707928C074F}\NameServer

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E85F56E6-4B0A-4DFB-84DF-B707928C074F}\TcpWindowSize

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2FEBECF-1A55-4023-B82B-6EFBB2392979}\Mtu

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2FEBECF-1A55-4023-B82B-6EFBB2392979}\NameServer

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2FEBECF-1A55-4023-B82B-6EFBB2392979}\TcpWindowSize

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution

reset Linkage\UpperBind for PCI\VEN_14E4&DEV_1600&SUBSYS_01C81028&REV_02\4&378EDFA4&0&00E2. bad value was:

REG_MULTI_SZ =

PSched

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:

REG_MULTI_SZ =

PSched

<completed>

*****************

and the new OTL.Txt

*****************

OTL logfile created on: 09.01.2011 15:10:17 - Run 5

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Dokumente und Einstellungen\werner\Desktop

Windows XP Professional Edition Service Pack 3, v.5913 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 663,00 Mb Available Physical Memory | 65,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 55,80 Gb Total Space | 20,72 Gb Free Space | 37,14% Space Free | Partition Type: NTFS

Drive D: | 313,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LP-LFB067 | User Name: werner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\werner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)

PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)

PRC - c:\Programme\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)

PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Programme\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\werner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Programme\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wxvault.dll ()

MOD - C:\WINDOWS\system32\detoured.dll ()

MOD - C:\WINDOWS\system32\crtdll.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (DataSvr2) -- C:\Programme\Wave Systems Corp\Common\DataServer.exe File not found

SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)

SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (afcdpsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis)

SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (tcsd_win32.exe) -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()

SRV - (NICCONFIGSVC) -- C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found

DRV - (PavSRK.sys) -- C:\WINDOWS\System32\PavSRK.sys File not found

DRV - (NgVpn) -- C:\WINDOWS\System32\DRIVERS\ngvpn.sys File not found

DRV - (NgLog) -- C:\WINDOWS\System32\DRIVERS\nglog.sys File not found

DRV - (NgFilter) -- C:\WINDOWS\System32\DRIVERS\ngfilter.sys File not found

DRV - (ComFiltr) -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)

DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys (Acronis)

DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (CBUSB) -- C:\WINDOWS\system32\drivers\CBUSB.SYS (MARX CryptoTech LP)

DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)

DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\pbadrv.sys (Dell Inc)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM GmbH)

DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 58 5B E2 03 B0 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..network.proxy.ftp: "192.168.99.20"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.gopher: "192.168.99.20"

FF - prefs.js..network.proxy.gopher_port: 8080

FF - prefs.js..network.proxy.no_proxies_on: ""

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.99.20"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "192.168.99.20"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.24 09:51:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.01.08 11:12:35 | 000,000,000 | ---D | M]

[2010.07.29 13:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\werner\Anwendungsdaten\Mozilla\Extensions

[2011.01.08 11:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\werner\Anwendungsdaten\Mozilla\Firefox\Profiles\klskt669.default\extensions

[2010.08.02 14:47:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\werner\Anwendungsdaten\Mozilla\Firefox\Profiles\klskt669.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.12.24 11:14:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\werner\Anwendungsdaten\Mozilla\Firefox\Profiles\klskt669.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.01.09 01:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.12.24 11:19:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.10.26 16:25:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.10.26 16:25:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.10.26 16:25:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.10.26 16:25:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.10.26 16:25:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.01.09 01:07:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: &Ins Deutsche


Sorry, I forgot that you need to uninstall OTL and ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the search box and click OK. Note the space between the X and the U; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


This topic is now closed to further replies.