Trojaner-Board > Remove Malware > Log Analysis and Evaluation

Log Analysis and Evaluation: Slow PC, system crashes, error messages (Windows Search indexing was closed, among others)

Windows 7

21.09.2011, 15:04   #1
zerbinetta
 
Slow PC, system crashes, error messages (Windows Search indexing was closed, among others)


Hello - this is my first post. I have been looking around here (and on similar forums) for quite a while, but I could not solve my problem on my own.

For about four weeks my computer has been running painfully slowly. Programs hang, crash, and sometimes even the whole system crashes. Unfortunately the errors are hard to reproduce. What I did notice: as soon as I connect a USB device (mouse or printer) to any port, the computer gets even slower.
Most frequent error message: Windows Search indexing was closed (or something similar). After finding advice on Google, I disabled the service, deleted the subfolders of C:\ProgramData\Microsoft\Search\Data, restarted the system and re-enabled the service. Unfortunately that did not help.
A newer error message now is: Host process for Windows services was terminated and closed.

Here are the logfiles from Defogger, OTL and Gmer.
With GMER I had the problem that the computer crashed several times, each time shortly after the scan started. I finally tried it in safe mode. I am also posting an older Gmer logfile that I had already created a week ago, at that time without a crash.


Defogger:

After the scan there was (unlike in the instructions) no prompt to restart. I then scanned a second time - still nothing. I restarted the computer anyway after that.

Code:
 defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:25 on 21/09/2011 (Doro)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL:

Code:
 OTL logfile created on: 21.09.2011 14:33:30 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Doro\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 60,09% Memory free
6,13 Gb Paging File | 5,03 Gb Available in Paging File | 82,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 202,07 Gb Free Space | 44,45% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,84 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
 
Computer Name: ZERBINETTA | User Name: Doro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.21 14:01:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Doro\Desktop\OTL.exe
PRC - [2011.06.30 10:58:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 17:29:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.24 08:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010.11.05 19:29:26 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.03 16:37:57 | 000,154,112 | ---- | M] () -- C:\Program Files\ImagonShared\DierckeBrowserInterface.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe
PRC - [2010.01.13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009.07.21 22:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
PRC - [2008.10.09 07:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 19:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 19:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.08.24 13:34:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011.08.24 13:34:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011.08.24 09:18:59 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011.08.24 09:18:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010.02.03 16:37:57 | 000,154,112 | ---- | M] () -- C:\Program Files\ImagonShared\DierckeBrowserInterface.exe
MOD - [2010.01.13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
MOD - [2009.04.22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2009.04.22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2009.04.22 22:53:22 | 000,038,184 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009.04.22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2008.09.25 19:42:26 | 000,881,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2007.08.14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Norton Internet Security)
SRV - [2011.06.30 10:58:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 17:29:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)
SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.30 10:58:36 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 10:58:36 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.21 12:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.29 03:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005.09.06 15:33:46 | 001,342,138 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.09.06 15:30:22 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.wetteronline.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.16 22:09:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.17 07:36:33 | 000,000,000 | ---D | M]
 
[2010.07.24 16:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doro\AppData\Roaming\mozilla\Extensions
[2010.02.07 14:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doro\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.15 22:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions
[2011.08.16 22:09:50 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010.07.26 20:33:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.15 22:42:39 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions\anttoolbar@ant.com
[2011.03.12 21:31:50 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions\personas@christopher.beard
[2011.06.28 09:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.26 21:18:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.27 21:45:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.02 14:22:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.26 22:21:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.28 09:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.04.02 22:35:05 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2011.08.16 22:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011.04.16 20:47:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.16 20:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.04.16 20:47:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.16 20:47:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.16 20:47:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.16 20:47:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4A55884-B978-4705-BC7C-9047C316C7B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFD7B9D-FDD4-42AB-870F-12F1DD2A9DC3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Doro\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Doro\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{484b7929-31c7-11de-b0b0-00235a31f89c}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe
O33 - MountPoints2\{762141d1-b50b-11de-8572-00235a31f89c}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{b857417f-6239-11df-b359-00235a31f89c}\Shell - "" = AutoRun
O33 - MountPoints2\{b857417f-6239-11df-b359-00235a31f89c}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{bba60099-11c5-11df-9d27-00235a31f89c}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.21 14:01:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Doro\Desktop\OTL.exe
[2011.09.21 11:14:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.09.04 17:03:00 | 000,000,000 | ---D | C] -- C:\Users\Doro\AppData\Roaming\FileZilla
[2011.09.04 17:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.09.04 17:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011.09.04 00:47:05 | 000,000,000 | ---D | C] -- C:\Users\Doro\Documents\My Albums
[2011.09.04 00:42:02 | 000,000,000 | ---D | C] -- C:\Users\Doro\AppData\Roaming\jAlbum
[2011.09.04 00:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jAlbum
[2011.09.04 00:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\jAlbum
[2011.08.29 18:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011.02.02 16:03:23 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[2009.05.05 11:29:40 | 008,805,091 | ---- | C] (Macrovision Corporation) -- C:\Program Files\ISSetup.dll
[2009.04.03 16:12:56 | 000,316,712 | ---- | C] (Macrovision Corporation                                   ) -- C:\Program Files\setup.exe
[2009.02.09 16:27:02 | 000,094,208 | ---- | C] ( ) -- C:\Program Files\SKUtil.dll
[2008.08.14 20:58:56 | 000,094,208 | ---- | C] (CyberLink Corp.) -- C:\Program Files\VerCheck.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.21 14:35:57 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.21 14:35:57 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.21 14:35:57 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.21 14:35:57 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.21 14:30:01 | 000,200,520 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.21 14:29:42 | 000,200,520 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.21 14:29:33 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 14:29:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 14:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.21 14:29:26 | 3186,577,408 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.21 14:27:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.21 14:06:17 | 000,000,000 | ---- | M] () -- C:\Users\Doro\defogger_reenable
[2011.09.21 14:04:45 | 000,024,543 | ---- | M] () -- C:\Users\Doro\Desktop\AnleitungRootkitscan.odt
[2011.09.21 14:01:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Doro\Desktop\OTL.exe
[2011.09.21 13:48:53 | 000,028,187 | ---- | M] () -- C:\Users\Doro\Desktop\Fehler21_9_2011.JPG
[2011.09.21 13:06:29 | 000,050,477 | ---- | M] () -- C:\Users\Doro\Desktop\Defogger.exe
[2011.09.21 10:07:28 | 276,536,387 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.21 09:52:27 | 000,302,592 | ---- | M] () -- C:\Users\Doro\Desktop\fxelug8e.exe
[2011.09.20 22:54:12 | 000,031,030 | ---- | M] () -- C:\Users\Doro\Desktop\Fehler_SearchIndexer.JPG
[2011.09.19 22:41:29 | 000,021,546 | ---- | M] () -- C:\Users\Doro\Desktop\Kalender.ods
[2011.09.18 22:56:28 | 000,038,017 | ---- | M] () -- C:\Users\Doro\Desktop\Kalender_Vorlage(b).ods
[2011.09.16 23:27:40 | 000,036,792 | ---- | M] () -- C:\Users\Doro\Desktop\Kalender_Vorlage.ods
[2011.09.16 22:25:16 | 000,019,378 | ---- | M] () -- C:\Users\Doro\Desktop\Adressen.ods
[2011.09.12 16:33:32 | 000,010,931 | ---- | M] () -- C:\Users\Doro\Desktop\AblesungHeizkörper.ods
[2011.09.11 23:05:59 | 000,028,851 | ---- | M] () -- C:\Users\Doro\Desktop\schulkalender20112012.ods
[2011.09.11 21:36:06 | 000,502,004 | ---- | M] () -- C:\Users\Doro\Desktop\Schubert-Erlkönig_Op1.pdf
[2011.09.11 21:35:30 | 000,054,749 | ---- | M] () -- C:\Users\Doro\Desktop\Fehlermeldung11_9_2011.JPG
[2011.09.06 22:03:22 | 000,010,319 | ---- | M] () -- C:\Users\Doro\.recently-used.xbel
[2011.09.06 22:03:14 | 000,082,285 | ---- | M] () -- C:\Users\Doro\Desktop\Umzugskarte_Playmobil2Rück.jpg
[2011.09.06 21:57:15 | 001,473,974 | ---- | M] () -- C:\Users\Doro\Desktop\Umzugskarte_Playmobil2.jpg
[2011.09.05 23:32:08 | 000,046,420 | ---- | M] () -- C:\Users\Doro\Desktop\Fehlermeldung5_9_2011.JPG
[2011.09.04 17:30:43 | 000,425,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.09.04 00:42:31 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\jAlbum.lnk
[2011.09.03 22:25:09 | 001,141,069 | ---- | M] () -- C:\Users\Doro\Documents\Bedienungsanleitung_Herd.pdf
[2011.08.30 00:57:42 | 000,148,992 | ---- | M] () -- C:\Users\Doro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.29 08:05:54 | 000,042,435 | ---- | M] () -- C:\Users\Doro\Desktop\virenfund.JPG
[2011.08.29 00:55:23 | 000,001,850 | ---- | M] () -- C:\Users\Doro\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011.08.29 00:55:23 | 000,001,779 | ---- | M] () -- C:\Users\Doro\Desktop\Avira DE-Cleaner.lnk
[2011.08.24 00:00:10 | 001,695,906 | ---- | M] () -- C:\Users\Doro\Documents\opencom30_bedienungsanleitung.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.21 14:06:17 | 000,000,000 | ---- | C] () -- C:\Users\Doro\defogger_reenable
[2011.09.21 14:04:42 | 000,024,543 | ---- | C] () -- C:\Users\Doro\Desktop\AnleitungRootkitscan.odt
[2011.09.21 13:48:51 | 000,028,187 | ---- | C] () -- C:\Users\Doro\Desktop\Fehler21_9_2011.JPG
[2011.09.21 13:06:14 | 000,050,477 | ---- | C] () -- C:\Users\Doro\Desktop\Defogger.exe
[2011.09.21 12:55:02 | 000,001,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DGO-Interface-01.lnk
[2011.09.21 09:52:24 | 000,302,592 | ---- | C] () -- C:\Users\Doro\Desktop\fxelug8e.exe
[2011.09.20 22:54:09 | 000,031,030 | ---- | C] () -- C:\Users\Doro\Desktop\Fehler_SearchIndexer.JPG
[2011.09.18 22:56:27 | 000,038,017 | ---- | C] () -- C:\Users\Doro\Desktop\Kalender_Vorlage(b).ods
[2011.09.16 23:23:47 | 000,036,792 | ---- | C] () -- C:\Users\Doro\Desktop\Kalender_Vorlage.ods
[2011.09.16 23:23:25 | 000,021,546 | ---- | C] () -- C:\Users\Doro\Desktop\Kalender.ods
[2011.09.12 16:32:13 | 000,010,931 | ---- | C] () -- C:\Users\Doro\Desktop\AblesungHeizkörper.ods
[2011.09.11 23:05:59 | 000,028,851 | ---- | C] () -- C:\Users\Doro\Desktop\schulkalender20112012.ods
[2011.09.11 21:36:06 | 000,502,004 | ---- | C] () -- C:\Users\Doro\Desktop\Schubert-Erlkönig_Op1.pdf
[2011.09.11 21:35:30 | 000,054,749 | ---- | C] () -- C:\Users\Doro\Desktop\Fehlermeldung11_9_2011.JPG
[2011.09.06 22:03:22 | 000,010,319 | ---- | C] () -- C:\Users\Doro\.recently-used.xbel
[2011.09.06 22:03:14 | 000,082,285 | ---- | C] () -- C:\Users\Doro\Desktop\Umzugskarte_Playmobil2Rück.jpg
[2011.09.06 21:56:07 | 001,473,974 | ---- | C] () -- C:\Users\Doro\Desktop\Umzugskarte_Playmobil2.jpg
[2011.09.05 23:32:06 | 000,046,420 | ---- | C] () -- C:\Users\Doro\Desktop\Fehlermeldung5_9_2011.JPG
[2011.09.04 00:42:31 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\jAlbum.lnk
[2011.09.03 22:25:08 | 001,141,069 | ---- | C] () -- C:\Users\Doro\Documents\Bedienungsanleitung_Herd.pdf
[2011.08.29 08:04:10 | 000,042,435 | ---- | C] () -- C:\Users\Doro\Desktop\virenfund.JPG
[2011.08.29 00:55:23 | 000,001,850 | ---- | C] () -- C:\Users\Doro\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011.08.29 00:55:23 | 000,001,779 | ---- | C] () -- C:\Users\Doro\Desktop\Avira DE-Cleaner.lnk
[2011.08.24 00:00:10 | 001,695,906 | ---- | C] () -- C:\Users\Doro\Documents\opencom30_bedienungsanleitung.pdf
[2011.06.08 12:59:41 | 000,006,931 | ---- | C] () -- C:\Users\Doro\AppData\Roaming\.freeciv-client-rc-2.2
[2011.06.03 16:17:56 | 000,000,172 | ---- | C] () -- C:\Users\Doro\AppData\Roaming\.ptbt0
[2011.05.17 18:59:27 | 000,946,519 | ---- | C] () -- C:\Windows\Diercke Globus Online Uninstaller.exe
[2011.01.05 00:21:28 | 000,338,227 | ---- | C] () -- C:\Users\Doro\AppData\Roaming\mdbu.bin
[2010.11.09 23:59:34 | 000,000,724 | ---- | C] () -- C:\Windows\wacam.ini
[2010.08.02 20:01:43 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.08.02 20:01:43 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.08.02 20:01:43 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.08.02 20:01:43 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.08.02 20:01:43 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.08.02 20:01:43 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.08.02 20:01:43 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.08.02 20:01:43 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.08.02 20:01:43 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.08.02 20:01:43 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.08.02 20:01:43 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.08.02 20:01:43 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.08.02 20:01:43 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.08.02 20:01:43 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.08.02 20:01:43 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.08.02 20:01:43 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.08.02 20:01:43 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.08.02 20:01:43 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.08.02 20:01:43 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.06.13 22:26:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.06.13 22:26:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.03.22 22:16:17 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.23 14:25:09 | 000,155,648 | ---- | C] () -- C:\Windows\System32\daspi32u.dll
[2009.10.23 14:25:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\IO_PORT.DLL
[2009.10.23 14:25:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\FVC.DLL
[2009.10.23 14:25:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\SQ1394.DLL
[2009.10.23 14:25:09 | 000,010,624 | ---- | C] () -- C:\Windows\System32\drivers\GENEUSB.SYS
[2009.10.22 14:28:57 | 000,196,608 | ---- | C] () -- C:\Windows\System32\PSlide.dll
[2009.10.22 14:28:57 | 000,049,152 | ---- | C] () -- C:\Windows\System32\PWiaExt.dll
[2009.10.22 14:28:56 | 000,010,624 | ---- | C] () -- C:\Windows\System32\GENEUSB.SYS
[2009.09.24 21:13:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 21:13:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.30 08:13:50 | 000,200,520 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.30 08:11:48 | 000,200,520 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.05 11:30:44 | 000,004,647 | ---- | C] () -- C:\Program Files\Cyberlink.MD5
[2009.05.05 11:30:26 | 000,000,244 | ---- | C] () -- C:\Program Files\info.ini
[2009.05.05 11:30:26 | 000,000,185 | ---- | C] () -- C:\Program Files\ureg.ini
[2009.05.05 11:30:24 | 000,000,495 | ---- | C] () -- C:\Program Files\Custom.ini
[2009.05.05 11:30:22 | 004,010,496 | ---- | C] () -- C:\Program Files\MediaSmart TV.msi
[2009.05.05 11:30:22 | 000,002,090 | ---- | C] () -- C:\Program Files\Setup.ini
[2009.05.05 11:30:22 | 000,000,182 | ---- | C] () -- C:\Program Files\Product.ini
[2009.05.05 11:30:20 | 000,034,304 | ---- | C] () -- C:\Program Files\1048.mst
[2009.05.05 11:30:20 | 000,034,304 | ---- | C] () -- C:\Program Files\1026.mst
[2009.05.05 11:30:20 | 000,033,280 | ---- | C] () -- C:\Program Files\1055.mst
[2009.05.05 11:30:20 | 000,031,744 | ---- | C] () -- C:\Program Files\1054.mst
[2009.05.05 11:30:20 | 000,003,584 | ---- | C] () -- C:\Program Files\1033.mst
[2009.05.05 11:30:18 | 000,034,816 | ---- | C] () -- C:\Program Files\2070.mst
[2009.05.05 11:30:18 | 000,034,816 | ---- | C] () -- C:\Program Files\1046.mst
[2009.05.05 11:30:18 | 000,034,816 | ---- | C] () -- C:\Program Files\1045.mst
[2009.05.05 11:30:18 | 000,033,280 | ---- | C] () -- C:\Program Files\1049.mst
[2009.05.05 11:30:18 | 000,033,280 | ---- | C] () -- C:\Program Files\1044.mst
[2009.05.05 11:30:18 | 000,032,768 | ---- | C] () -- C:\Program Files\1053.mst
[2009.05.05 11:30:16 | 000,037,888 | ---- | C] () -- C:\Program Files\1032.mst
[2009.05.05 11:30:16 | 000,037,376 | ---- | C] () -- C:\Program Files\1043.mst
[2009.05.05 11:30:16 | 000,035,840 | ---- | C] () -- C:\Program Files\1038.mst
[2009.05.05 11:30:16 | 000,035,840 | ---- | C] () -- C:\Program Files\1034.mst
[2009.05.05 11:30:16 | 000,033,792 | ---- | C] () -- C:\Program Files\1029.mst
[2009.05.05 11:30:16 | 000,033,280 | ---- | C] () -- C:\Program Files\1035.mst
[2009.05.05 11:30:16 | 000,033,280 | ---- | C] () -- C:\Program Files\1030.mst
[2009.05.05 11:30:14 | 000,038,912 | ---- | C] () -- C:\Program Files\1031.mst
[2009.05.05 11:30:14 | 000,037,888 | ---- | C] () -- C:\Program Files\1040.mst
[2009.05.05 11:30:14 | 000,037,376 | ---- | C] () -- C:\Program Files\1036.mst
[2009.05.05 11:30:14 | 000,035,840 | ---- | C] () -- C:\Program Files\1041.mst
[2009.05.05 11:30:14 | 000,031,744 | ---- | C] () -- C:\Program Files\1042.mst
[2009.05.05 11:30:14 | 000,025,088 | ---- | C] () -- C:\Program Files\2052.mst
[2009.05.05 11:30:14 | 000,024,576 | ---- | C] () -- C:\Program Files\1028.mst
[2009.05.05 11:30:08 | 045,440,872 | ---- | C] () -- C:\Program Files\Data1.cab
[2009.05.05 11:28:38 | 000,000,047 | ---- | C] () -- C:\Program Files\Define.ini
[2009.05.05 11:26:46 | 000,000,622 | ---- | C] () -- C:\Program Files\HPTV.sim
[2009.05.05 11:21:04 | 000,004,818 | ---- | C] () -- C:\Program Files\sp43595.cva
[2009.04.23 23:30:01 | 000,000,268 | RH-- | C] () -- C:\Users\Doro\AppData\Roaming\BSD
[2009.04.23 23:30:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bass
[2009.04.23 23:30:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009.04.23 23:30:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bundle
[2009.04.23 23:23:25 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basic Track
[2009.04.23 23:23:25 | 000,000,268 | RH-- | C] () -- C:\Users\Doro\AppData\Roaming\Automatic Filter
[2009.04.23 23:23:25 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009.04.23 23:23:25 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Booms
[2009.04.04 23:26:44 | 000,148,992 | ---- | C] () -- C:\Users\Doro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.22 06:37:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.22 06:34:24 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.10.22 06:34:24 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.10.22 06:34:24 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.10.22 06:34:24 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.10.21 22:43:10 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.10.21 21:47:09 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe
[2008.10.21 21:06:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.10.18 17:54:24 | 001,129,289 | ---- | C] () -- C:\Program Files\setup.isn
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,425,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.05.17 01:02:16 | 000,007,460 | ---- | C] () -- C:\Program Files\0x0408.ini
[2006.05.17 01:02:16 | 000,007,242 | ---- | C] () -- C:\Program Files\0x040c.ini
[2006.05.17 01:02:16 | 000,007,094 | ---- | C] () -- C:\Program Files\0x0407.ini
[2006.05.17 01:02:16 | 000,007,022 | ---- | C] () -- C:\Program Files\0x040a.ini
[2006.05.17 01:02:16 | 000,006,897 | ---- | C] () -- C:\Program Files\0x0410.ini
[2006.05.17 01:02:16 | 000,006,833 | ---- | C] () -- C:\Program Files\0x0816.ini
[2006.05.17 01:02:16 | 000,006,814 | ---- | C] () -- C:\Program Files\0x0413.ini
[2006.05.17 01:02:16 | 000,006,715 | ---- | C] () -- C:\Program Files\0x0415.ini
[2006.05.17 01:02:16 | 000,006,623 | ---- | C] () -- C:\Program Files\0x0411.ini
[2006.05.17 01:02:16 | 000,006,569 | ---- | C] () -- C:\Program Files\0x0416.ini
[2006.05.17 01:02:16 | 000,006,552 | ---- | C] () -- C:\Program Files\0x0402.ini
[2006.05.17 01:02:16 | 000,006,512 | ---- | C] () -- C:\Program Files\0x0419.ini
[2006.05.17 01:02:16 | 000,006,509 | ---- | C] () -- C:\Program Files\0x0405.ini
[2006.05.17 01:02:16 | 000,006,489 | ---- | C] () -- C:\Program Files\0x040e.ini
[2006.05.17 01:02:16 | 000,006,461 | ---- | C] () -- C:\Program Files\0x0406.ini
[2006.05.17 01:02:16 | 000,006,419 | ---- | C] () -- C:\Program Files\0x0418.ini
[2006.05.17 01:02:16 | 000,006,393 | ---- | C] () -- C:\Program Files\0x0414.ini
[2006.05.17 01:02:16 | 000,006,355 | ---- | C] () -- C:\Program Files\0x041f.ini
[2006.05.17 01:02:16 | 000,006,344 | ---- | C] () -- C:\Program Files\0x040b.ini
[2006.05.17 01:02:16 | 000,006,153 | ---- | C] () -- C:\Program Files\0x041e.ini
[2006.05.17 01:02:16 | 000,006,153 | ---- | C] () -- C:\Program Files\0x041d.ini
[2006.05.17 01:02:16 | 000,006,129 | ---- | C] () -- C:\Program Files\0x0409.ini
[2006.05.17 01:02:16 | 000,005,724 | ---- | C] () -- C:\Program Files\0x0412.ini
[2006.05.17 01:02:16 | 000,004,315 | ---- | C] () -- C:\Program Files\0x0804.ini
[2006.05.17 01:02:16 | 000,004,248 | ---- | C] () -- C:\Program Files\0x0404.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2011.07.23 13:54:53 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\.freeciv
[2011.04.03 22:01:05 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\.smarttech-webinterface
[2010.11.09 23:59:38 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\ACAMPREF
[2011.06.05 23:38:42 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Audacity
[2010.04.22 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Blender Foundation
[2010.05.22 16:06:25 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Diercke Globus Online
[2009.04.07 22:32:36 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\DynaGeo
[2011.01.03 21:37:27 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\elsterformular
[2011.09.04 17:13:21 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\FileZilla
[2009.05.29 09:06:15 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\fotobuch.de AG
[2011.09.06 22:03:22 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\gtk-2.0
[2011.09.04 01:09:09 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\jAlbum
[2011.06.13 19:03:42 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\kompozer.net
[2011.04.12 22:17:46 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\LibreOffice
[2010.08.21 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\MakeMusic
[2009.06.29 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\MPEG Streamclip
[2009.09.06 12:25:37 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\MusE
[2009.04.24 21:28:28 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Nikon
[2009.04.07 16:37:25 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\OpenOffice.org
[2009.10.22 14:42:01 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\PIE
[2010.02.11 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\POV-Ray
[2010.04.07 13:01:38 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\SMART Technologies
[2010.04.07 12:38:09 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\SMART Technologies Inc
[2009.12.04 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\streamripper
[2011.04.04 22:34:19 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Thunderbird
[2011.09.21 14:27:48 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.01.31 22:51:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.06.25 23:18:13 | 000,000,000 | ---D | M] -- C:\783232d64fcf05751d
[2009.09.24 23:15:42 | 000,000,000 | -HSD | M] -- C:\boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.04 16:29:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.27 23:12:58 | 000,000,000 | ---D | M] -- C:\DVDShrink
[2009.04.04 16:31:38 | 000,000,000 | -H-D | M] -- C:\HP
[2009.03.15 22:05:20 | 000,000,000 | ---D | M] -- C:\Intel
[2011.08.08 14:02:00 | 000,000,000 | ---D | M] -- C:\Material
[2008.10.21 22:29:49 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.09.04 17:02:53 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.05.14 12:45:56 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.04.04 16:29:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.08.21 12:41:22 | 000,000,000 | ---D | M] -- C:\PSFONTS
[2010.04.22 23:26:21 | 000,000,000 | ---D | M] -- C:\Python26
[2011.08.08 18:15:01 | 000,000,000 | ---D | M] -- C:\Sound
[2010.06.16 21:14:14 | 000,000,000 | ---D | M] -- C:\SwSetup
[2011.09.21 14:36:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.04.04 16:32:07 | 000,000,000 | -H-D | M] -- C:\System.sav
[2009.10.09 08:35:09 | 000,000,000 | ---D | M] -- C:\UninstallerData
[2010.01.31 22:51:36 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.21 11:14:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2009.04.03 16:12:56 | 000,316,712 | ---- | M] (Macrovision Corporation                                   ) -- C:\Program Files\setup.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 670 bytes -> C:\Users\Doro\Documents\Training fürs Schülercoaching.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Public\Documents\Israel-Sound.mp3:TOC.WMV

< End of report >
         
More from OTL:

Code:
 OTL Extras logfile created on: 21.09.2011 14:33:30 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Doro\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 60,09% Memory free
6,13 Gb Paging File | 5,03 Gb Available in Paging File | 82,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 202,07 Gb Free Space | 44,45% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,84 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
 
Computer Name: ZERBINETTA | User Name: Doro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\PortableApps\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "F:\PortableApps\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "F:\PortableApps\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BB7510F-9C4E-474F-88B1-5D7A273DB5E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E2A4177-D660-4F8C-94C5-3F3358A7E51C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{35BF7279-24BA-45BD-8E18-16D173B074A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3D2AC8ED-F680-420F-BFAF-D0132575C528}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3F0B7955-F478-459C-B2B3-F0FE4223A268}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4569A150-8DB0-4854-91D2-459AAF5352AB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4D305746-8EE5-410C-B4D1-3317F9411335}" = rport=139 | protocol=6 | dir=out | app=system | 
"{59819F46-2309-482F-9ADB-44EC61BCBC30}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{60D1E845-4936-43F9-A3FB-0542A7F665A4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7EF3B57F-4D47-4EE5-98D6-800727C00B87}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F389B02-1D9E-45DB-88AB-C5F101329C67}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8075A37A-8C0D-4AE4-AEB4-0E1CE0BEFF00}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8577CF2D-94E5-4E36-860B-140A28A33728}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{98A6421F-7A67-4AB1-B4F5-530D4A2D0EAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C5ECA23F-8F87-4CF8-A7DF-5AA3F22F2D2F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF0625B4-2BCE-4ED5-99B7-EF8D7CD62075}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC462967-2470-444C-8FDE-C25CAB9783DF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DFE57984-48E0-43CC-BD1A-9A8F70F36DAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F68B8706-678B-4292-8514-9B8F6F0605AB}" = lport=12001 | protocol=17 | dir=in | name=smart webserver handshake multicast port | 
"{F90DD6C2-9758-43BD-B47F-2394D6003A82}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FB04AA9A-FADF-4686-B4AF-C850B840696F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B01E87A-35B8-4223-AF40-FFA6FD5A4B0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1221E528-364F-4479-9380-E3B91F6C99C8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{15F0FFC1-1FFF-45AB-B046-7C0C87BCBD1E}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{168FF081-5458-460C-A038-040F3DFA3735}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{20036EEC-8F9D-480E-8182-3F3B184DC2D9}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{2CCEC4A5-E8AC-47A9-85AC-E1926F8B9416}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{31982CA4-5179-48F4-A6D9-6BEF5434ACBF}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{384F0801-8E6B-4937-9B75-7B5A43B32A96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5E62F8D8-6AD9-4342-9E22-CF91231EE261}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | 
"{70A87530-96F0-4591-90A9-83CC4624603D}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{7C8DBEB2-2368-4B32-AEBE-4D2A542C6E01}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{838345EA-D7D3-4A42-9E75-D429DBDF847E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{8A2783EF-150B-431D-8E61-03EF46E16DE6}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{96567975-2BEF-4662-AA15-3E7A3A616EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A740CC0C-AEF3-474E-B40E-5E25CE855A2F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{A9B75FEC-D807-45F1-81A4-00DDA099E711}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B879F2FD-69A7-49DF-936A-DD0AEC78564E}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{CDD6F9CF-3D8A-437D-B3DD-ABBC92EAE126}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{D57558FD-4C39-4EE3-9EF3-3F3C518A1AFF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E08823A6-5459-48B1-9428-53FC903F136E}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{E318339D-622E-4CB5-A458-97B15E7FA24D}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{ED91E18D-11AB-4D90-926D-D8C0F548A2AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC6A6FA8-2AE2-41D7-B387-564F51E2A080}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FCFB09B9-E05E-4923-8CDC-0DA066FB951B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"TCP Query User{12EDF2EA-9220-4626-B304-886138778D0B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2ADFBAF3-2C9D-45D6-9700-E58D04311A0B}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"TCP Query User{5674DA3C-8765-46FF-B9C5-788D0AA48D21}F:\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=f:\portableapps\freecivportable\app\freeciv\freeciv-server.exe | 
"TCP Query User{7E2AD460-3A4C-4B1D-AFE7-DED5BD813C0B}C:\program files\smart technologies\smart product drivers\ucservice.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | 
"TCP Query User{B57A35F4-6339-47A1-BC26-5933B65E78DA}C:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe | 
"TCP Query User{C2AE6DF5-3CC3-45A3-8FEA-3931FCA81179}F:\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=f:\portableapps\freecivportable\app\freeciv\freeciv-server.exe | 
"TCP Query User{CAAC011D-406B-4BF2-96ED-4519D1D79574}C:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe | 
"UDP Query User{53642092-CF89-4584-A125-950372F68995}C:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe | 
"UDP Query User{6F4A618B-595B-4E94-932F-42A7A130152B}C:\program files\smart technologies\smart product drivers\ucservice.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | 
"UDP Query User{885B8BC3-FF09-4ABC-A5C6-2342203C1BD6}F:\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=f:\portableapps\freecivportable\app\freeciv\freeciv-server.exe | 
"UDP Query User{A30CA5A4-6EE5-40A4-BEFB-49BC56D1482A}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"UDP Query User{B55970FF-DFDE-46E1-B1CC-9446C5F8D312}C:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe | 
"UDP Query User{B7DC0B55-F96E-4FBC-A99C-8EC461C136BC}F:\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=f:\portableapps\freecivportable\app\freeciv\freeciv-server.exe | 
"UDP Query User{D0F3EF3C-FFA2-4E32-9518-94E08AE116D5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{47E6A509-37B7-4440-A252-7031E9A898D7}" = SMART Notebook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D067FE4-F477-437A-BB66-F013721E9EB4}" = jAlbum
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B455DA2A-531A-4456-BA1C-3534DD327EFE}" = CyberView X Multiple-Slides Scanner v1.18a
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Blender" = Blender (remove only)
"ClipGrab" = ClipGrab 2.0 Beta 2
"conduitEngine" = Conduit Engine 
"Derive 6" = Derive 6
"Designer 2.0_is1" = Designer 2.0
"Diercke Globus Online" = Diercke Globus Online
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DynaGeo_is1" = DynaGeo 3.1f
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FileZilla Client" = FileZilla Client 3.5.1
"Finale Reader" = Finale Reader 2011
"FKC22150706_is1" = fotokasten comfort
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.12" = Freecorder 4
"FreePDF_XP" = FreePDF (Remove only)
"GeoGebra" = GeoGebra
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hotpot_is1" = HotPotatoes v 6.3.0.4
"Hugin" = Hugin 2010.4.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Jahshaka" = Jahshaka
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Logic Fun 4.8" = Logic Fun 4.8
"Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MuseScore" = MuseScore 1.1 MuseScore score typesetter
"NVIDIA Drivers" = NVIDIA Drivers
"OpenLibraries" = OpenLibraries
"PDFtoMusic" = PDFtoMusic
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIACAD_is1" = VIACAD
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freeciv-2.2.5-gtk2" = Freeciv 2.2.5 (GTK+ client)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2010 05:16:45 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.07.2010 05:16:45 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.07.2010 05:17:16 | Computer Name = Zerbinetta | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.07.2010 04:32:53 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.07.2010 04:32:53 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.07.2010 04:33:08 | Computer Name = Zerbinetta | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.07.2010 05:39:59 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.07.2010 05:39:59 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.07.2010 05:40:19 | Computer Name = Zerbinetta | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.07.2010 06:32:15 | Computer Name = Zerbinetta | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel
 0x4bdfa327, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x8c00302e,  Prozess-ID 0x7d8, Anwendungsstartzeit
 01cb2663f1755db1.
 
[ OSession Events ]
Error - 08.02.2010 18:36:19 | Computer Name = Zerbinetta | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.09.2011 07:52:07 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 21.09.2011 08:34:20 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >
         
First Gmer scan:

Code:
 GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-13 19:01:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-60ZAT0 rev.01.01A01
Running: pnfcozef.exe; Driver: C:\Users\Doro\AppData\Local\Temp\pxdoikog.sys


---- System - GMER 1.0.15 ----

SSDT            8D2E1776                                                                                         ZwCreateSection
SSDT            8D2E177B                                                                                         ZwSetContextThread
SSDT            8D2E1717                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                    828B4998 4 Bytes  [76, 17, 2E, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                    828B4CF0 4 Bytes  [7B, 17, 2E, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                    828B4DA4 4 Bytes  [17, 17, 2E, 8D]
                C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                               entry point in "" section [0xA191341C]
.clc            C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                               unknown last code section [0xA1914000, 0x1000, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186b8b69c                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186b8b69c (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
Second Gmer scan:

Code:
 GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-21 12:53:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-60ZAT0 rev.01.01A01
Running: fxelug8e.exe; Driver: C:\Users\Doro\AppData\Local\Temp\pxdoikog.sys


---- System - GMER 1.0.15 ----

SSDT            8E2AF97E                                                                                         ZwCreateSection
SSDT            8E2AF983                                                                                         ZwSetContextThread
SSDT            8E2AF91F                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                    828EA998 4 Bytes  [7E, F9, 2A, 8E]
.text           ntkrnlpa.exe!KeSetEvent + 56E                                                                    828EACF1 3 Bytes  [F9, 2A, 8E]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                    828EADA4 4 Bytes  [1F, F9, 2A, 8E]
                C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                               entry point in "" section [0x80F1341C]
.clc            C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                               unknown last code section [0x80F14000, 0x1000, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186b8b69c                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186b8b69c (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         

It would be great if someone could help me!
Many thanks in advance,
Doro
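
Added example (not part of the original thread, and not one of the tools the helper asks for below): a small Python triage helper for the OTL and GMER excerpts posted above. It decodes OTL's raw 32-bit event codes to the IDs Event Viewer shows (262155 = 0x4000B gives atapi ID 11, "controller error"; 131083 = 0x2000B gives CAPI2 ID 11), counts errors per source, flags bursts of the same error within one second, and compares the SSDT sections of two GMER scans so that "same hooks at new addresses" can be told apart from "new hooks". The sample lines are shortened copies of the logs above; the burst threshold of three and the regular expressions are my assumptions, not OTL's or GMER's own format specification.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the OTL "Last 10 Event Log Errors"
# lines posted in this thread (Application and System events mixed).
OTL_EVENT_LINES = """\
Error - 17.07.2010 05:16:45 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Error - 17.07.2010 05:17:16 | Computer Name = Zerbinetta | Source = WinMgmt | ID = 10
Error - 21.09.2011 07:52:07 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Error - 21.09.2011 08:34:20 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
"""

# Constructed sample: the SSDT lines of the two GMER scans posted above.
GMER_SCAN_1 = """\
SSDT            8D2E1776    ZwCreateSection
SSDT            8D2E177B    ZwSetContextThread
SSDT            8D2E1717    ZwTerminateProcess
"""
GMER_SCAN_2 = """\
SSDT            8E2AF97E    ZwCreateSection
SSDT            8E2AF983    ZwSetContextThread
SSDT            8E2AF91F    ZwTerminateProcess
"""

# Assumed line layouts, derived from the excerpts above (not an official format).
EVENT_RE = re.compile(
    r"^Error - (?P<ts>\S+ \S+) \| Computer Name = [^|]+?\| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)")

BURST_MIN = 3  # assumption: >= 3 identical errors in one second count as a burst


def event_id(raw):
    """OTL prints the raw 32-bit event code; Event Viewer shows its low 16 bits.
    262155 == 0x4000B -> 11 (atapi: controller error), 131083 == 0x2000B -> 11 (CAPI2)."""
    return raw & 0xFFFF


def parse_events(text):
    """Turn OTL 'Error - ...' lines into dicts with timestamp, source and decoded ID."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append({"ts": m.group("ts"), "source": m.group("source"),
                           "id": event_id(int(m.group("id")))})
    return events


def summarize_events(events):
    """Return ({(source, id): count}, {(source, id) seen >= BURST_MIN times within one
    second}). A burst of the same atapi error is the pattern to show a helper when
    asking whether a failing disk or controller, not malware, explains the symptoms."""
    counts = Counter((e["source"], e["id"]) for e in events)
    per_second = Counter((e["source"], e["id"], e["ts"]) for e in events)
    bursts = {(src, eid) for (src, eid, _), n in per_second.items() if n >= BURST_MIN}
    return counts, bursts


def parse_ssdt(text):
    """Map each hooked syscall in a GMER SSDT section to its hook address."""
    hooks = {}
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks[m.group("func")] = int(m.group("addr"), 16)
    return hooks


def compare_ssdt(old, new):
    """Separate newly hooked syscalls from hooks that only moved to a new address,
    which is what the same driver reloaded at a different base address looks like."""
    both = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "moved": sorted(f for f in both if old[f] != new[f]),
        "unchanged": sorted(f for f in both if old[f] == new[f]),
    }


if __name__ == "__main__":
    counts, bursts = summarize_events(parse_events(OTL_EVENT_LINES))
    for (src, eid), n in sorted(counts.items()):
        flag = "  <- burst" if (src, eid) in bursts else ""
        print(f"{src:<25} ID {eid:<4} x{n}{flag}")
    print(compare_ssdt(parse_ssdt(GMER_SCAN_1), parse_ssdt(GMER_SCAN_2)))
```

On the two GMER scans above, the comparison reports no added or removed hooks and all three as moved: the same set of syscalls is hooked, only at different addresses, which is consistent with one driver being loaded at a different base between the two boots rather than with a new hook appearing. The "Kernel code sections" lines in the same scans are the same three hooks seen a second time, not additional patches: the patched bytes at `KeSetEvent + 215` read `[76, 17, 2E, 8D]`, which is `8D2E1776` in little-endian byte order, and the other entries match the other SSDT addresses the same way. GMER as posted does not name the driver owning the hooks; the uninstall list shows both Avira AntiVir and Norton Internet Security installed, and security products hooking these syscalls for self-protection is the usual benign explanation, but that is an expectation for the helper to verify, not a finding.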

Alt 21.09.2011, 15:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!


After that, please also run ESET; then we'll see how to proceed.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 22.09.2011, 04:47   #3
zerbinetta
 

Thank you for the quick reply.
Here are the files:

Malwarebytes:

Code:
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7763

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

21.09.2011 21:38:05
mbam-log-2011-09-21 (21-37-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 479584
Laufzeit: 1 Stunde(n), 58 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Doro\downloads\eac-0.99pb4.exe (Adware.Yabector) -> No action taken.
         

And Eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b89625f4c5ecb9438e0f806ba53770df
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-21 11:34:13
# local_time=2011-09-22 01:34:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 371054 64566060 75371 0
# compatibility_mode=5892 16776573 100 100 10711 154167446 0 0
# compatibility_mode=8192 67108863 100 0 333 333 0 0
# scanned=315891
# found=1
# cleaned=0
# scan_time=13334
C:\Users\Doro\Downloads\eac-0.99pb4.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
         
Best regards,
Doro

Alt 22.09.2011, 10:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
C:\Users\Doro\Downloads\eac-0.99pb4.exe
What is that and where does it come from?
__________________
Please always post logfiles in CODE tags

Alt 22.09.2011, 14:51   #5
zerbinetta
 

Hello Arne,

It is the installer for ExactAudioCopy (which is why it is in the Downloads folder).
I'm fairly sure I got it from heise.de. That must have been quite a while ago, though, and until a month ago my computer didn't really act up.
(I had actually assumed that heise only points me to "clean" software. Well, that was probably a bit naive.)

But what about this excerpt from the OTL log?
Quote:
[ System Events ]
Error - 21.09.2011 07:52:07 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:34:20 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.


< End of report >
Could there also be a hardware problem?
I have also already tried system tests (Run > Memory Diagnostic) and a memory test from the BIOS, but they were all unremarkable. I wouldn't know what to test the USB ports with, though.
Do you have any advice?
Many thanks,
Doro
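An added example, not code from OTL or from either poster, that parses the "[ System Events ]" extract quoted above, groups the error records by source and event ID, and flags bursts of identical errors; the sample input is copied from the extract above, shortened to four of the six atapi records and two of the four PlugPlayManager records. The only assumption about OTL's layout is what the extract shows (an "Error - date | Computer Name = ... | Source = ... | ID = ..." line followed by a Description that may wrap); the function names are mine.

```python
"""Summarise the "[ System Events ]" section of an OTL log (added example for
this thread, not code from OTL or from the posters): group the error records
by source and event ID and flag bursts of identical errors, the pattern behind
the repeated atapi controller errors in the extract quoted above."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input copied from the OTL extract in the thread, shortened to four of
# the six atapi and two of the four PlugPlayManager records (raw string: paths).
SAMPLE_EVENTS = r"""[ System Events ]
Error - 21.09.2011 07:52:07 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:34:20 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

< End of report >
"""

# One record = a header line matching this pattern, then "Description = ..."
# which OTL may wrap onto further lines; a blank line ends the record.
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)


def parse_events(text):
    """Return one dict per record, in the order they appear in the log."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"level": m["level"], "host": m["host"], "source": m["source"],
                       "id": int(m["id"]), "description": "",
                       "time": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S")}
            events.append(current)
        elif not line:
            current = None                        # blank line closes the record
        elif current is not None and line.startswith("Description = "):
            current["description"] = line[len("Description = "):]
        elif current is not None:
            current["description"] += " " + line  # wrapped description text
    return events


def summarise(events):
    """Count records per (source, id) with their first and last timestamp."""
    summary = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        entry = summary.setdefault((ev["source"], ev["id"]),
                                   {"count": 0, "first": ev["time"], "last": ev["time"]})
        entry["count"] += 1
        entry["last"] = ev["time"]
    return summary


def find_bursts(events, min_count=3, window=timedelta(seconds=60)):
    """Return (source, id, count, start) for the densest run of identical
    records inside `window`; several identical controller errors within
    seconds of each other point at failing hardware rather than malware."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["source"], ev["id"])].append(ev["time"])
    bursts = []
    for (source, eid), times in by_key.items():
        times.sort()
        best, start = (0, None), 0
        for end in range(len(times)):             # sliding window over times
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, times[start])
        if best[0] >= min_count:
            bursts.append((source, eid, best[0], best[1]))
    return bursts


if __name__ == "__main__":
    for src, eid, n, t in find_bursts(parse_events(SAMPLE_EVENTS)):
        print(f"burst: {n}x {src} ID {eid} starting {t}")
```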


22.09.2011, 14:57   #6
zerbinetta

A small addendum on EAC.
I just googled it:

hxxp://www.hydrogenaudio.org/forums/index.php?showtopic=75166

I don't think the core of the problem lies here...
Best regards,
Doro

22.09.2011, 14:59   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

If the file is from heise, that's OK. ESET only complains because it supposedly contains adware; it is quite likely that this installer also installs a toolbar. So ALWAYS install every program with the CUSTOM option so that you can deselect junk/toolbars.

22.09.2011, 15:04   #8
zerbinetta

That's what I always do anyway. I can't stand these advertising toolbars and always deselect them during installation.
The link I just posted also shows that the scanners already flag the installation file. And that can't really cause any further trouble as long as I don't let it install the eBay or whatever toolbar, can it?
Does the system otherwise look clean?
Why is it running so "roughly"?

22.09.2011, 15:09   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.wetteronline.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{484b7929-31c7-11de-b0b0-00235a31f89c}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe
O33 - MountPoints2\{762141d1-b50b-11de-8572-00235a31f89c}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{b857417f-6239-11df-b359-00235a31f89c}\Shell - "" = AutoRun
O33 - MountPoints2\{b857417f-6239-11df-b359-00235a31f89c}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{bba60099-11c5-11df-9d27-00235a31f89c}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
@Alternate Data Stream - 670 bytes -> C:\Users\Doro\Documents\Training fürs Schülercoaching.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Public\Documents\Israel-Sound.mp3:TOC.WMV
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

22.09.2011, 16:07   #10
zerbinetta

Hello!
Unfortunately OTL crashed during the fix.
And Windows only showed me the desktop background, so in the end I switched the computer off.
After the restart the following logfile appeared:

Code:
ATTFilter
 
Files\Folders moved on Reboot...
C:\Users\Doro\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...
         

22.09.2011, 20:00   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please try the fix again.

22.09.2011, 21:14   #12
zerbinetta

Now it worked:

Code:
ATTFilter
 All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ not found.
File C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{484b7929-31c7-11de-b0b0-00235a31f89c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484b7929-31c7-11de-b0b0-00235a31f89c}\ not found.
File F:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\ not found.
File E:\Einstiegsseite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762141d1-b50b-11de-8572-00235a31f89c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{762141d1-b50b-11de-8572-00235a31f89c}\ not found.
File F:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b857417f-6239-11df-b359-00235a31f89c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b857417f-6239-11df-b359-00235a31f89c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b857417f-6239-11df-b359-00235a31f89c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b857417f-6239-11df-b359-00235a31f89c}\ not found.
File F:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bba60099-11c5-11df-9d27-00235a31f89c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bba60099-11c5-11df-9d27-00235a31f89c}\ not found.
File F:\StartPortableApps.exe not found.
ADS C:\Users\Doro\Documents\Training fürs Schülercoaching.eml:OECustomProperty deleted successfully.
Unable to delete ADS C:\Users\Public\Documents\Israel-Sound.mp3:TOC.WMV .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Doro
->Temp folder emptied: 50847 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45610679 bytes
->Flash cache emptied: 456 bytes
 
User: Public
 
User: Thomas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144839908 bytes
->Java cache emptied: 12644500 bytes
->FireFox cache emptied: 274477217 bytes
->Flash cache emptied: 6812 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 296414573 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 738,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 09222011_220304

Files\Folders moved on Reboot...
C:\Users\Doro\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...
         
Best regards,
Doro

22.09.2011, 21:23   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below - i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save the file on your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

22.09.2011, 21:47   #14
zerbinetta

Here it is:

Code:
ATTFilter
 2011/09/22 22:39:10.0590 0280	TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 22:39:10.0608 0280	================================================================================
2011/09/22 22:39:10.0608 0280	SystemInfo:
2011/09/22 22:39:10.0608 0280	
2011/09/22 22:39:10.0608 0280	OS Version: 6.0.6002 ServicePack: 2.0
2011/09/22 22:39:10.0608 0280	Product type: Workstation
2011/09/22 22:39:10.0608 0280	ComputerName: ZERBINETTA
2011/09/22 22:39:10.0608 0280	UserName: Doro
2011/09/22 22:39:10.0608 0280	Windows directory: C:\Windows
2011/09/22 22:39:10.0608 0280	System windows directory: C:\Windows
2011/09/22 22:39:10.0608 0280	Processor architecture: Intel x86
2011/09/22 22:39:10.0608 0280	Number of processors: 2
2011/09/22 22:39:10.0608 0280	Page size: 0x1000
2011/09/22 22:39:10.0608 0280	Boot type: Normal boot
2011/09/22 22:39:10.0608 0280	================================================================================
2011/09/22 22:39:11.0724 0280	Initialize success
2011/09/22 22:39:17.0315 6080	================================================================================
2011/09/22 22:39:17.0315 6080	Scan started
2011/09/22 22:39:17.0315 6080	Mode: Manual; 
2011/09/22 22:39:17.0315 6080	================================================================================
2011/09/22 22:39:18.0202 6080	61883           (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/09/22 22:39:18.0266 6080	Accelerometer   (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/09/22 22:39:18.0325 6080	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/22 22:39:18.0372 6080	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/22 22:39:18.0413 6080	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/22 22:39:18.0436 6080	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/22 22:39:18.0458 6080	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/22 22:39:18.0601 6080	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/22 22:39:18.0672 6080	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/22 22:39:18.0707 6080	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/22 22:39:18.0739 6080	aliide          (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
2011/09/22 22:39:18.0777 6080	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/22 22:39:18.0794 6080	amdide          (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
2011/09/22 22:39:18.0844 6080	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/22 22:39:18.0869 6080	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/22 22:39:18.0976 6080	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/22 22:39:19.0018 6080	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/22 22:39:19.0064 6080	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/22 22:39:19.0106 6080	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/22 22:39:19.0155 6080	Avc             (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/09/22 22:39:19.0227 6080	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/09/22 22:39:19.0346 6080	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/22 22:39:19.0407 6080	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/22 22:39:19.0499 6080	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/22 22:39:19.0571 6080	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/22 22:39:19.0646 6080	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/22 22:39:19.0690 6080	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/22 22:39:19.0735 6080	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/22 22:39:19.0799 6080	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/22 22:39:19.0831 6080	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/22 22:39:19.0866 6080	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/22 22:39:19.0898 6080	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/22 22:39:20.0013 6080	BthEnum         (cce53afc28347cc18ea139972e5b5e5a) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/22 22:39:20.0076 6080	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/22 22:39:20.0115 6080	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/22 22:39:20.0166 6080	BTHPORT         (ac8a1689d5efc4d214201155a78d8f4b) C:\Windows\system32\Drivers\BTHport.sys
2011/09/22 22:39:20.0206 6080	BTHUSB          (288c1f74e3e2eed6c7b54eb3aac70856) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/22 22:39:20.0279 6080	BTKRNL          (f1829392f47e0b766f062ae2d1490b0e) C:\Windows\system32\DRIVERS\btkrnl.sys
2011/09/22 22:39:20.0389 6080	BTWUSB          (2241c5bf7bfdb8a501274f6837c6b10a) C:\Windows\system32\Drivers\btwusb.sys
2011/09/22 22:39:20.0448 6080	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/22 22:39:20.0500 6080	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/22 22:39:20.0551 6080	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/22 22:39:20.0607 6080	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/22 22:39:20.0689 6080	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/22 22:39:20.0712 6080	cmdide          (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
2011/09/22 22:39:20.0740 6080	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/22 22:39:20.0770 6080	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/22 22:39:20.0797 6080	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/22 22:39:20.0862 6080	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/22 22:39:20.0928 6080	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/22 22:39:21.0003 6080	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/22 22:39:21.0056 6080	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/22 22:39:21.0125 6080	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/22 22:39:21.0207 6080	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/22 22:39:21.0274 6080	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/09/22 22:39:21.0336 6080	enecir          (6c74035909b31f873d85b25e00beb984) C:\Windows\system32\DRIVERS\enecir.sys
2011/09/22 22:39:21.0381 6080	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/09/22 22:39:21.0461 6080	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/22 22:39:21.0515 6080	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/22 22:39:21.0571 6080	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/22 22:39:21.0644 6080	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/22 22:39:21.0670 6080	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/22 22:39:21.0697 6080	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/22 22:39:21.0875 6080	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/22 22:39:22.0017 6080	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/22 22:39:22.0055 6080	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/22 22:39:22.0114 6080	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/09/22 22:39:22.0167 6080	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/22 22:39:22.0209 6080	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/22 22:39:22.0260 6080	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/22 22:39:22.0314 6080	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/22 22:39:22.0370 6080	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/09/22 22:39:22.0405 6080	hpdskflt        (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/09/22 22:39:22.0451 6080	HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/09/22 22:39:22.0542 6080	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/22 22:39:22.0577 6080	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/09/22 22:39:22.0624 6080	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/22 22:39:22.0652 6080	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/09/22 22:39:22.0697 6080	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/22 22:39:22.0741 6080	intelide        (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
2011/09/22 22:39:22.0794 6080	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/22 22:39:22.0832 6080	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/22 22:39:22.0905 6080	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/22 22:39:22.0950 6080	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/22 22:39:22.0979 6080	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/22 22:39:22.0998 6080	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/09/22 22:39:23.0044 6080	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/22 22:39:23.0067 6080	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/22 22:39:23.0098 6080	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/22 22:39:23.0158 6080	JMCR            (ed9103e5b70761ebc9809f4bd9673bb2) C:\Windows\system32\DRIVERS\jmcr.sys
2011/09/22 22:39:23.0178 6080	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/22 22:39:23.0252 6080	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/22 22:39:23.0302 6080	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/22 22:39:23.0372 6080	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/22 22:39:23.0421 6080	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/22 22:39:23.0443 6080	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/22 22:39:23.0505 6080	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/22 22:39:23.0524 6080	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/22 22:39:23.0640 6080	massfilter      (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
2011/09/22 22:39:23.0680 6080	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/09/22 22:39:23.0714 6080	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/09/22 22:39:23.0753 6080	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/22 22:39:23.0783 6080	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/22 22:39:23.0801 6080	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/22 22:39:23.0828 6080	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/22 22:39:23.0857 6080	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/22 22:39:23.0953 6080	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/09/22 22:39:24.0000 6080	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/22 22:39:24.0025 6080	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/22 22:39:24.0064 6080	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/22 22:39:24.0106 6080	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/22 22:39:24.0150 6080	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/22 22:39:24.0181 6080	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/22 22:39:24.0226 6080	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/09/22 22:39:24.0264 6080	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/09/22 22:39:24.0320 6080	MSDV            (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/09/22 22:39:24.0338 6080	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/22 22:39:24.0378 6080	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/22 22:39:24.0424 6080	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/22 22:39:24.0453 6080	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/22 22:39:24.0504 6080	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/22 22:39:24.0549 6080	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/22 22:39:24.0579 6080	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/22 22:39:24.0609 6080	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/22 22:39:24.0638 6080	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/22 22:39:24.0693 6080	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/22 22:39:24.0801 6080	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/22 22:39:24.0835 6080	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/22 22:39:24.0861 6080	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/22 22:39:24.0918 6080	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/22 22:39:24.0945 6080	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/22 22:39:24.0966 6080	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/22 22:39:25.0011 6080	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/22 22:39:32.0762 6080	NETw3v32        (a7ecf273d471dfe2de833656e0f0d14a) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/09/22 22:39:37.0173 6080	Suspicious file (Forged): C:\Windows\system32\DRIVERS\NETw3v32.sys. Real md5: a7ecf273d471dfe2de833656e0f0d14a, Fake md5: 35d5458d9a1b26b2005abffbf4c1c5e7
2011/09/22 22:39:37.0188 6080	NETw3v32 - detected ForgedFile.Multi.Generic (1)
2011/09/22 22:39:44.0889 6080	NETw5v32        (28109c14c382983508388f792bd4b0e5) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/09/22 22:40:05.0980 6080	Suspicious file (Forged): C:\Windows\system32\DRIVERS\NETw5v32.sys. Real md5: 28109c14c382983508388f792bd4b0e5, Fake md5: 8de67bd902095a13329fd82c85a1fa09
2011/09/22 22:40:06.0005 6080	NETw5v32 - detected ForgedFile.Multi.Generic (1)
2011/09/22 22:40:06.0114 6080	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/22 22:40:06.0179 6080	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/22 22:40:06.0203 6080	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/22 22:40:06.0273 6080	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/22 22:40:06.0327 6080	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/22 22:40:06.0359 6080	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/22 22:40:06.0412 6080	NVHDA           (a103162c62c336c2cb3c5e1e2773d17b) C:\Windows\system32\drivers\nvhda32v.sys
2011/09/22 22:40:06.0671 6080	nvlddmkm        (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/22 22:40:06.0908 6080	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/09/22 22:40:06.0931 6080	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/09/22 22:40:06.0971 6080	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/09/22 22:40:07.0062 6080	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/22 22:40:07.0098 6080	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/22 22:40:07.0140 6080	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/22 22:40:07.0169 6080	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/22 22:40:07.0210 6080	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/22 22:40:07.0229 6080	pciide          (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
2011/09/22 22:40:07.0265 6080	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/09/22 22:40:07.0311 6080	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/22 22:40:07.0401 6080	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/22 22:40:07.0431 6080	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/09/22 22:40:07.0532 6080	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/22 22:40:07.0589 6080	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/09/22 22:40:07.0637 6080	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/22 22:40:07.0658 6080	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/22 22:40:07.0687 6080	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/22 22:40:07.0717 6080	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/22 22:40:07.0761 6080	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/22 22:40:07.0794 6080	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/22 22:40:07.0844 6080	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/22 22:40:07.0885 6080	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/22 22:40:07.0927 6080	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/22 22:40:07.0947 6080	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/22 22:40:08.0016 6080	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/22 22:40:08.0099 6080	RFCOMM          (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/22 22:40:08.0161 6080	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/22 22:40:08.0214 6080	RTL8169         (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/09/22 22:40:08.0251 6080	sbp2port        (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\drivers\sbp2port.sys
2011/09/22 22:40:08.0307 6080	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/22 22:40:08.0349 6080	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/22 22:40:08.0388 6080	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/22 22:40:08.0417 6080	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/22 22:40:08.0441 6080	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/22 22:40:08.0497 6080	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/09/22 22:40:08.0527 6080	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/22 22:40:08.0548 6080	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/22 22:40:08.0576 6080	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/22 22:40:08.0617 6080	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/22 22:40:08.0659 6080	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/22 22:40:08.0683 6080	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/22 22:40:08.0807 6080	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/22 22:40:08.0847 6080	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/22 22:40:08.0926 6080	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/22 22:40:08.0981 6080	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/22 22:40:09.0027 6080	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/22 22:40:09.0078 6080	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/22 22:40:09.0152 6080	STHDA           (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys
2011/09/22 22:40:09.0221 6080	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/22 22:40:09.0253 6080	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/22 22:40:09.0278 6080	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/22 22:40:09.0295 6080	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/22 22:40:09.0403 6080	SynTP           (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/22 22:40:09.0511 6080	Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/22 22:40:09.0584 6080	Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/22 22:40:09.0624 6080	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/22 22:40:09.0692 6080	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/22 22:40:09.0806 6080	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/22 22:40:09.0842 6080	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/22 22:40:09.0892 6080	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/22 22:40:10.0045 6080	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/22 22:40:10.0096 6080	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/22 22:40:10.0130 6080	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/22 22:40:10.0205 6080	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/22 22:40:10.0248 6080	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/22 22:40:10.0311 6080	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/22 22:40:10.0343 6080	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/22 22:40:10.0364 6080	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/22 22:40:10.0387 6080	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/22 22:40:10.0407 6080	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/22 22:40:10.0456 6080	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/22 22:40:10.0499 6080	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/22 22:40:10.0555 6080	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/22 22:40:10.0604 6080	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/22 22:40:10.0651 6080	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/22 22:40:10.0699 6080	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/22 22:40:10.0763 6080	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/22 22:40:10.0818 6080	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/22 22:40:10.0854 6080	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/22 22:40:10.0959 6080	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/22 22:40:11.0085 6080	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/22 22:40:11.0110 6080	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/22 22:40:11.0143 6080	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/22 22:40:11.0171 6080	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/22 22:40:11.0203 6080	viaide          (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
2011/09/22 22:40:11.0223 6080	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/22 22:40:11.0269 6080	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/22 22:40:11.0314 6080	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/22 22:40:11.0348 6080	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/22 22:40:15.0103 6080	WacomPen        (8e992bd4f1607c6ea34edafc86ea50e3) C:\Windows\system32\drivers\wacompen.sys
2011/09/22 22:40:19.0042 6080	Suspicious file (Forged): C:\Windows\system32\drivers\wacompen.sys. Real md5: 8e992bd4f1607c6ea34edafc86ea50e3, Fake md5: 48dfee8f1af7c8235d4e626f0c4fe031
2011/09/22 22:40:19.0055 6080	WacomPen - detected ForgedFile.Multi.Generic (1)
2011/09/22 22:40:23.0131 6080	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/22 22:40:26.0981 6080	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/22 22:40:34.0705 6080	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/22 22:40:38.0326 6080	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/22 22:40:42.0363 6080	ZTEusbmdm6k     (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/09/22 22:40:47.0308 6080	ZTEusbser6k     (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/09/22 22:40:47.0407 6080	{55662437-DA8C-40c0-AADA-2C816A897A49} (bdfde977f5e88a539187aef24ded7c40) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
2011/09/22 22:40:47.0488 6080	MBR (0x1B8)     (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
2011/09/22 22:40:47.0501 6080	Boot (0x1200)   (73c966c07d3a8ef2501722112b96742b) \Device\Harddisk0\DR0\Partition0
2011/09/22 22:40:47.0549 6080	Boot (0x1200)   (cb5d5da68c426154cc5411cee21d336a) \Device\Harddisk0\DR0\Partition1
2011/09/22 22:40:47.0555 6080	================================================================================
2011/09/22 22:40:47.0555 6080	Scan finished
2011/09/22 22:40:47.0555 6080	================================================================================
2011/09/22 22:40:47.0567 4092	Detected object count: 3
2011/09/22 22:40:47.0567 4092	Actual detected object count: 3
2011/09/22 22:41:17.0790 4092	ForgedFile.Multi.Generic(NETw3v32) - User select action: Skip 
2011/09/22 22:41:17.0798 4092	ForgedFile.Multi.Generic(NETw5v32) - User select action: Skip 
2011/09/22 22:41:17.0798 4092	ForgedFile.Multi.Generic(WacomPen) - User select action: Skip
         
Best regards,
Doro

Alt 23.09.2011, 08:41   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even more difficult.
__________________
Please always post logfiles in CODE tags
