Log analysis and evaluation: Windows - Delayed Write Failed (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.12.2011, 22:34 | #1 |
Windows - Delayed Write Failed
Hello! I have the same problem as "Tim!182" (06.11.2011), which he describes as follows: "Since yesterday evening I have had a virus on my computer that has turned the desktop completely black, hidden or removed all the folders that were on the desktop, and also hidden the files in the Quick Launch bar. When I start my computer, this error message appears countless times: Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\00004509. The file is corrupted or unreadable. This may be caused by a PC hardware problem. The number after "\\System32\\" is different in every error message. Folders cannot be opened, or open only slowly, and then they are mostly shown as empty. Please help." I first ran a Malwarebytes scan, which did find something and deleted various Trojans. Since then the error messages are gone, but the desktop is still black (empty) and the data has not reappeared either.
Here is the OTL log:
OTL logfile created on: 24.12.2011 22:26:57 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\HP\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 48,96% Memory free 6,17 Gb Paging File | 4,11 Gb Available in Paging File | 66,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,38 Gb Total Space | 104,99 Gb Free Space | 47,43% Space Free | Partition Type: NTFS Drive D: | 11,51 Gb Total Space | 10,87 Gb Free Space | 94,52% Space Free | Partition Type: NTFS Drive F: | 243,88 Mb Total Space | 210,03 Mb Free Space | 86,12% Space Free | Partition Type: FAT Computer Name: PHILIPP | User Name: HP | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.24 15:48:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\HP\Downloads\OTL.exe PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.12.01 13:34:46 | 001,469,248 | ---- | M] (Piriform Ltd) -- C:\Program Files\Recuva\Recuva.exe PRC - [2011.11.26 16:22:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.11.22 21:47:50 | 000,610,304 | -H-- | M] (naveta) -- C:\Users\HP\AppData\Local\qcvgbmw.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011.05.20 15:56:18 | 000,724,536 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe PRC - [2011.03.31 15:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.03.31 13:43:48 | 000,156,672 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011.03.31 13:32:14 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2011.03.21 12:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC 
Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.02.09 15:55:43 | 000,132,624 | ---- | M] (PolderbitS Software) -- C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_de.exe PRC - [2009.07.01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.26 17:02:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.26 17:02:48 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.07.18 08:50:06 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2008.03.13 19:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2007.11.05 16:21:48 | 000,431,104 | -H-- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe PRC - [2007.10.26 16:56:05 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.09.15 09:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe PRC - [2007.08.01 02:26:54 | 000,675,840 | -H-- | M] (Hauppauge Inc.) 
-- C:\Program Files\WinTV\EPG Services\System\EPGClient.exe PRC - [2007.05.16 14:17:06 | 000,978,944 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe PRC - [2006.11.02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2005.01.14 15:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe PRC - [2004.05.27 17:50:30 | 000,286,720 | ---- | M] () -- C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe ========== Modules (No Company Name) ========== MOD - [2011.12.24 20:47:19 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2011.12.24 20:47:18 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2011.12.24 16:44:57 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2011.12.24 16:44:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2011.11.26 16:22:31 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.05.20 15:54:16 | 010,837,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll MOD - [2011.05.20 15:54:16 | 008,166,912 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll MOD - [2011.05.20 15:54:16 | 002,551,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll MOD - [2011.05.20 15:54:16 | 002,282,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll MOD - [2011.05.20 15:54:16 | 002,246,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll MOD - [2011.05.20 15:54:16 | 001,288,192 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi 
Suite\QtScript4.dll MOD - [2011.05.20 15:54:16 | 000,913,920 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll MOD - [2011.05.20 15:54:16 | 000,676,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll MOD - [2011.05.20 15:54:16 | 000,340,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll MOD - [2011.05.20 15:54:16 | 000,266,752 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll MOD - [2011.05.20 15:54:16 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll MOD - [2011.05.20 15:54:16 | 000,190,464 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll MOD - [2011.05.20 15:54:16 | 000,026,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll MOD - [2011.05.20 15:30:06 | 000,508,416 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll MOD - [2011.05.20 15:30:04 | 000,109,568 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll MOD - [2011.05.20 15:29:34 | 000,924,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll MOD - [2011.05.20 15:29:18 | 000,422,800 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\ssoengine.dll MOD - [2011.05.20 15:29:18 | 000,387,976 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll MOD - [2011.05.20 15:29:18 | 000,060,816 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\securestorage.dll MOD - [2011.05.20 15:28:18 | 000,687,616 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll MOD - [2011.03.21 22:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011.02.15 12:25:29 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2009.10.15 13:25:05 | 
000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll MOD - [2009.10.15 13:25:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ae77b2b91367f11d340cf3bf2428af59\System.ServiceProcess.ni.dll MOD - [2009.10.15 13:24:58 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ae383808b3f5ee9287358378f9a2cad3\System.EnterpriseServices.ni.dll MOD - [2009.10.15 13:24:58 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ae383808b3f5ee9287358378f9a2cad3\System.EnterpriseServices.Wrapper.dll MOD - [2009.10.15 13:24:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b98385fbfc00adacf4fd7896ba064032\System.Transactions.ni.dll MOD - [2009.10.15 13:24:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll MOD - [2009.10.15 13:24:38 | 000,676,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\a0fa9d672445167efeefa37ebc1fbf23\System.Security.ni.dll MOD - [2009.10.15 13:24:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll MOD - [2009.10.15 13:23:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll MOD - [2009.10.15 13:22:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll MOD - [2009.10.15 13:22:45 | 001,587,200 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll MOD - [2009.10.15 13:22:30 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\813556b5a2722045b0ea14467fd00227\System.Data.ni.dll MOD - [2009.10.15 13:22:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a122c56b60812fb5cbc2e941d4875a87\PresentationFramework.Aero.ni.dll MOD - [2009.10.15 13:22:14 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\29eb51a21ce62ed759b162307bd65e32\PresentationFramework.ni.dll MOD - [2009.10.15 13:21:47 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\dc8dccca85718096c895b74094e09e5a\PresentationCore.ni.dll MOD - [2009.10.15 13:21:31 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c049bc39cb33f7459936a689484285d6\WindowsBase.ni.dll MOD - [2009.10.15 13:21:26 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll MOD - [2009.10.15 13:20:56 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll MOD - [2009.07.01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe MOD - [2008.07.27 19:19:30 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2008.07.27 19:00:27 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2008.07.27 19:00:26 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008.07.27 19:00:17 | 000,434,176 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 19:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.01 00:03:50 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2007.10.01 15:11:02 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll MOD - [2007.10.01 15:11:00 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2007.10.01 15:10:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2007.10.01 15:10:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2007.10.01 15:10:20 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2007.10.01 15:10:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2007.10.01 15:10:20 | 000,006,144 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2007.09.30 19:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll MOD - [2007.09.30 19:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll MOD - [2007.09.30 19:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll MOD - [2007.09.30 19:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll MOD - [2007.09.30 19:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007.08.14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program 
Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2006.11.02 10:46:09 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2005.07.20 10:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll MOD - [2004.05.27 17:51:12 | 000,028,672 | ---- | M] () -- C:\Program Files\TCM\TCM Mouse Only\MouseHook.dll MOD - [2004.05.27 17:50:30 | 000,286,720 | ---- | M] () -- C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe ========== Win32 Services (SafeList) ========== SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.24 13:47:07 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2008.10.26 17:02:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.26 17:02:48 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2007.11.07 09:28:34 | 000,815,104 | -H-- | M] (Hauppauge Computer Works) [On_Demand | 
Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer) SRV - [2007.11.05 16:21:48 | 000,431,104 | -H-- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe -- (EPGService) SRV - [2007.10.26 16:56:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.03.05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2005.01.14 15:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.02.16 21:36:37 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2011.02.09 15:55:43 | 000,103,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pbsaudrv.sys -- (PbsAuDrv) DRV - [2010.12.02 14:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.12.02 14:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.12.02 14:13:26 | 
000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.12.02 14:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.12.01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.05.27 18:42:03 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.27 18:41:56 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.27 18:41:53 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.17 15:05:32 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.10.25 09:52:00 | 000,015,488 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2007.10.25 09:47:44 | 000,487,424 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2007.10.15 16:27:10 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort) DRV - [2007.10.15 16:27:10 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem) DRV - [2007.10.10 00:57:52 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.09.19 21:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.09.09 23:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007.07.11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007.07.10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.05.30 15:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.03.07 03:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.16 22:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005.10.18 17:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/ymj/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*hxxp://www.yahoo.com/ext/search/search.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*hxxp://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files\Common Files\PTC\np6_pvapplite9.dll (PTC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\HP\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.19 15:00:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.03 21:45:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.03 21:45:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.26 16:22:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.26 16:11:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.29 16:35:50 | 000,000,000 | ---D | M] [2008.11.04 17:15:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions [2011.05.14 13:56:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\12slu5zy.default\extensions [2010.07.28 20:00:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\12slu5zy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.22 15:31:45 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\12slu5zy.default\extensions\vshare@toolbar [2011.12.22 15:07:09 | 000,000,950 | -H-- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\12slu5zy.default\searchplugins\icqplugin-4.xml [2011.05.09 21:13:19 | 000,000,950 | -H-- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\12slu5zy.default\searchplugins\icqplugin-5.xml [2011.05.14 14:10:42 | 000,000,950 | -H-- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\12slu5zy.default\searchplugins\icqplugin-6.xml [2010.06.21 16:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\12slu5zy.default\searchplugins\icqplugin.xml [2011.11.26 16:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009.07.18 16:25:42 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.31 09:28:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.11.26 16:11:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.26 16:22:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.23 10:52:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.23 10:52:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.23 10:52:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.23 10:52:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.23 10:52:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.23 10:52:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EPGServiceTool] C:\Program Files\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe () O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) 
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks) O4 - HKCU..\Run: [qcvgbmw] c:\users\hp\appdata\local\qcvgbmw.exe (naveta) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFA8138-F1C7-4989-8DE2-F5FF3480A373}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5BE34DE-D2A4-4F67-8E7C-1288CBBD7811}: DhcpNameServer = 192.168.2.1 O18 - 
Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{1000d979-d14d-11dd-b6d1-001e68219f6a}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{1000d979-d14d-11dd-b6d1-001e68219f6a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e O33 - MountPoints2\{38f5bd0c-f991-11e0-b78e-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{38f5bd0c-f991-11e0-b78e-001e68219f6a}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{3c97661f-105f-11e1-af5f-001e68219f6a}\Shell - "" = AutoRun O33 - 
MountPoints2\{3c97661f-105f-11e1-af5f-001e68219f6a}\Shell\AutoRun\command - "" = G:\Install.exe O33 - MountPoints2\{432f41a5-19d6-11dd-a43d-001e68219f6a}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{432f41a5-19d6-11dd-a43d-001e68219f6a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e O33 - MountPoints2\{52661f45-fd62-11e0-a07a-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{52661f45-fd62-11e0-a07a-001e68219f6a}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{52661f56-fd62-11e0-a07a-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{52661f56-fd62-11e0-a07a-001e68219f6a}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{7df0be80-fa75-11e0-bea6-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{7df0be80-fa75-11e0-bea6-001e68219f6a}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{7df0be82-fa75-11e0-bea6-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{7df0be82-fa75-11e0-bea6-001e68219f6a}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{8d833d62-2333-11e1-ac2b-001e68219f6a}\Shell\AutoRun\command - "" = G:\CD_Start.exe O33 - MountPoints2\{b157e39a-0c0c-11de-984d-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{b157e39a-0c0c-11de-984d-001e68219f6a}\Shell\AutoRun\command - "" = G:\starter.exe O33 - MountPoints2\{b8ddcda9-0d67-11e1-a076-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{b8ddcda9-0d67-11e1-a076-001e68219f6a}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{b8ddcdbd-0d67-11e1-a076-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{b8ddcdbd-0d67-11e1-a076-001e68219f6a}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{da57a157-f819-11e0-9d2b-001e68219f6a}\Shell - "" = AutoRun O33 - MountPoints2\{da57a157-f819-11e0-9d2b-001e68219f6a}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe 
O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.24 21:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2011.12.24 21:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2011.12.24 21:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft [2011.12.24 21:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2011.12.24 16:44:21 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\SUPERAntiSpyware.com [2011.12.24 16:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.12.24 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.12.24 16:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.12.24 16:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.12.24 16:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.24 15:16:54 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes [2011.12.24 15:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.24 15:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.24 15:16:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.24 15:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.22 19:18:18 | 000,000,000 | -H-D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011.12.15 21:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.12.15 
21:46:14 | 000,000,000 | -H-D | C] -- C:\Users\HP\AppData\Local\Google [2011.12.10 14:42:36 | 000,000,000 | -H-D | C] -- C:\Users\HP\Desktop\mathe.lös [2011.12.10 14:21:25 | 000,000,000 | -H-D | C] -- C:\Users\HP\Desktop\Bücher [2011.11.26 16:11:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun [2011.11.26 16:11:04 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.11.26 16:11:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.11.26 16:11:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.11.26 16:11:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.11.22 21:47:50 | 000,610,304 | -H-- | C] (naveta) -- C:\Users\HP\AppData\Local\qcvgbmw.exe [1 C:\Users\HP\*.tmp files -> C:\Users\HP\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.24 22:30:19 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2D9B18CA-EA43-40DE-ADBB-FB4E44C8C341}.job [2011.12.24 21:51:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.24 21:51:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.24 21:45:58 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.24 21:45:58 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.24 20:52:04 | 000,665,064 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.24 20:52:04 | 000,623,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.24 20:52:04 | 000,125,030 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.24 20:52:04 | 000,111,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.24 20:46:58 | 000,000,163 | -H-- | M] () -- 
C:\Users\Public\Documents\hpqp.ini [2011.12.24 20:46:29 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.12.24 20:45:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.24 20:45:49 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys [2011.12.24 18:39:08 | 000,414,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.24 16:43:46 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.24 15:16:27 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.24 15:12:38 | 000,000,320 | ---- | M] () -- C:\ProgramData\~Rv3O9okRPlT5Qq [2011.12.24 15:12:38 | 000,000,224 | ---- | M] () -- C:\ProgramData\~Rv3O9okRPlT5Qqr [2011.12.22 19:27:27 | 000,005,040 | -H-- | M] () -- C:\Users\HP\AppData\Local\qcvgbmw_navps.dat [2011.12.22 19:27:09 | 000,003,594 | -H-- | M] () -- C:\Users\HP\AppData\Local\qcvgbmw.dat [2011.12.22 19:19:25 | 000,000,440 | -H-- | M] () -- C:\ProgramData\Rv3O9okRPlT5Qq [2011.12.22 19:18:18 | 000,000,636 | -H-- | M] () -- C:\Users\HP\Desktop\System Fix.lnk [2011.12.22 19:15:24 | 000,000,087 | -H-- | M] () -- C:\Users\HP\AppData\Local\wkoag.bat [2011.12.22 19:14:50 | 000,186,610 | -H-- | M] () -- C:\Users\HP\AppData\Roaming\nvModes.001 [2011.12.20 21:15:06 | 000,007,592 | -H-- | M] () -- C:\Users\HP\AppData\Local\d3d9caps.dat [2011.12.16 18:46:04 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job [2011.12.14 21:16:58 | 000,016,325 | -H-- | M] () -- C:\Users\HP\Desktop\plan_a_mb_2009.pdf [2011.12.14 19:39:03 | 000,000,085 | ---- | M] () -- C:\Windows\System32\std.out [2011.12.14 19:37:48 | 000,000,739 | -H-- | M] () -- C:\Users\HP\Desktop\proe_borrow - Verknüpfung.lnk [2011.12.10 16:45:00 | 000,024,576 | -H-- | M] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.09 22:15:21 | 000,243,738 | -H-- | M] () -- C:\Users\HP\AppData\Local\qcvgbmw_nav.dat [2011.11.29 17:58:57 | 001,221,435 | -H-- | M] () 
-- C:\Users\HP\Desktop\fertigungstechnik.pdf [2011.11.27 10:57:47 | 000,001,724 | -H-- | M] () -- C:\Users\HP\Documents\Default.rdp [2011.11.26 18:43:14 | 000,186,610 | -H-- | M] () -- C:\Users\HP\AppData\Roaming\nvModes.dat [1 C:\Users\HP\*.tmp files -> C:\Users\HP\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.24 16:43:46 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.24 15:16:27 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.24 15:12:38 | 000,000,320 | ---- | C] () -- C:\ProgramData\~Rv3O9okRPlT5Qq [2011.12.24 15:12:38 | 000,000,224 | ---- | C] () -- C:\ProgramData\~Rv3O9okRPlT5Qqr [2011.12.22 19:18:18 | 000,000,636 | -H-- | C] () -- C:\Users\HP\Desktop\System Fix.lnk [2011.12.22 19:18:14 | 000,000,440 | -H-- | C] () -- C:\ProgramData\Rv3O9okRPlT5Qq [2011.12.15 21:46:31 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.15 21:46:30 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.14 21:16:58 | 000,016,325 | -H-- | C] () -- C:\Users\HP\Desktop\plan_a_mb_2009.pdf [2011.12.14 19:37:48 | 000,000,739 | -H-- | C] () -- C:\Users\HP\Desktop\proe_borrow - Verknüpfung.lnk [2011.12.01 15:30:47 | 000,000,085 | ---- | C] () -- C:\Windows\System32\std.out [2011.11.29 17:58:57 | 001,221,435 | -H-- | C] () -- C:\Users\HP\Desktop\fertigungstechnik.pdf [2011.11.22 21:47:51 | 000,005,040 | -H-- | C] () -- C:\Users\HP\AppData\Local\qcvgbmw_navps.dat [2011.11.22 21:47:50 | 000,243,738 | -H-- | C] () -- C:\Users\HP\AppData\Local\qcvgbmw_nav.dat [2011.11.22 21:47:50 | 000,003,594 | -H-- | C] () -- C:\Users\HP\AppData\Local\qcvgbmw.dat [2011.10.27 19:52:58 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll [2011.02.22 17:13:00 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.02.09 15:57:32 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Drv32_16.ini 
[2011.02.09 15:55:43 | 000,103,824 | ---- | C] () -- C:\Windows\System32\drivers\pbsaudrv.sys [2010.04.13 20:39:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.03.29 17:40:36 | 000,009,310 | -H-- | C] () -- C:\Users\HP\AppData\Roaming\Kommagetrennte Werte (Windows).EML [2010.03.29 17:39:44 | 000,038,417 | -H-- | C] () -- C:\Users\HP\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.01.28 22:40:33 | 000,000,552 | -H-- | C] () -- C:\Users\HP\AppData\Local\d3d8caps.dat [2009.11.19 21:50:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.11 16:43:46 | 000,041,401 | -H-- | C] () -- C:\Users\HP\AppData\Roaming\NMM-MetaData.db [2009.10.16 12:38:52 | 000,000,087 | -H-- | C] () -- C:\Users\HP\AppData\Local\wkoag.bat [2009.03.31 21:12:21 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PAStiSvc.exe [2009.03.25 14:26:20 | 000,298,997 | -H-- | C] () -- C:\Users\HP\AppData\Local\aamawuu_nav.dat [2009.03.25 14:26:20 | 000,002,934 | -H-- | C] () -- C:\Users\HP\AppData\Local\aamawuu.dat [2009.03.25 14:26:20 | 000,000,536 | -H-- | C] () -- C:\Users\HP\AppData\Local\aamawuu_navps.dat [2009.02.18 16:47:49 | 000,277,318 | -H-- | C] () -- C:\Users\HP\AppData\Local\gsgwm_nav.dat [2009.02.18 16:47:49 | 000,003,396 | -H-- | C] () -- C:\Users\HP\AppData\Local\gsgwm.dat [2009.02.18 16:47:49 | 000,000,321 | -H-- | C] () -- C:\Users\HP\AppData\Local\gsgwm_navps.dat [2009.01.21 20:09:29 | 000,000,087 | -H-- | C] () -- C:\Users\HP\AppData\Local\kwowise.bat [2008.11.14 22:18:59 | 000,000,085 | -H-- | C] () -- C:\Users\HP\AppData\Local\yqcasyg.bat [2008.10.16 20:24:34 | 000,007,592 | -H-- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat [2008.09.18 18:01:55 | 000,000,088 | -H-- | C] () -- C:\Users\HP\AppData\Local\cgmans.bat [2008.07.09 13:29:42 | 001,005,774 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate [2008.06.08 15:03:56 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini [2008.06.08 15:03:48 | 000,000,030 | ---- 
| C] () -- C:\Windows\System32\UNWISE.INI [2008.06.08 15:03:42 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE [2008.06.08 15:03:03 | 000,032,133 | ---- | C] () -- C:\Windows\Irremote.ini [2008.06.08 15:02:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2008.06.08 15:01:30 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI [2008.06.08 15:01:30 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.06.08 15:01:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2008.06.08 14:59:03 | 000,006,218 | ---- | C] () -- C:\Windows\HCWPNP.INI [2008.05.05 16:33:19 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini [2008.05.04 14:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.04.05 14:34:42 | 000,024,576 | -H-- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.20 20:21:40 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.13 07:42:18 | 000,186,610 | -H-- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.001 [2008.03.11 17:21:27 | 000,186,610 | -H-- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.dat [2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.03.07 12:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008.02.28 14:47:38 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.02.28 14:43:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2007.10.27 02:09:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.10.27 02:09:31 | 000,665,064 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.10.27 02:09:31 | 000,125,030 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.10.27 02:09:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,414,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT 
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,623,162 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,111,816 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.03.04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll ========== LOP Check ========== [2011.12.24 20:44:55 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.24 22:30:19 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2D9B18CA-EA43-40DE-ADBB-FB4E44C8C341}.job ========== Purity Check ========== < End of report > |
25.12.2011, 10:33 | #2 |
| Windows - Delayed Write Failed To describe my problem in more detail:
I'm mainly concerned about the data that is still on the hard drive. I was planning to install a new operating system (Win7) anyway, so I would wipe everything beforehand. I'm also attaching the Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 911122403
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
24.12.2011 15:31:23
mbam-log-2011-12-24 (15-30-54).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 173353
Laufzeit: 12 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 5
Infizierte Speicherprozesse:
c:\programdata\sbqdkhtcpjbcha.exe (Trojan.FakeAlert) -> 2104 -> No action taken.
c:\programdata\rv3o9okrplt5qq.exe (Trojan.FakeAlert) -> 2752 -> No action taken.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> No action taken.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sBqDkHtcpJbcHA.exe (Trojan.FakeAlert) -> Value: sBqDkHtcpJbcHA.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MuXTvpYRmxcx.exe (Rogue.Agent) -> Value: MuXTvpYRmxcx.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9Y7Y1ZUJYF7XWVXDKRAHVD (Trojan.SpyEyes) -> Value: 9Y7Y1ZUJYF7XWVXDKRAHVD -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2D9A2XYD5V6VZHWEFTHSLPRAHUZCP (Trojan.SpyEyes) -> Value: 2D9A2XYD5V6VZHWEFTHSLPRAHUZCP -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.
c:\sifgayiguha (Trojan.SpyEyes) -> No action taken.
Infizierte Dateien:
c:\programdata\sbqdkhtcpjbcha.exe (Trojan.FakeAlert) -> No action taken.
c:\programdata\rv3o9okrplt5qq.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\HP\AppData\Local\Temp\mzjdb91gphag4f.exe.tmp (Trojan.FakeAlert) -> No action taken.
c:\Recycle.Bin\6bf2f2ee2d8462d (Trojan.Spyeyes) -> No action taken.
c:\sifgayiguha\296403ff2d8462d (Trojan.SpyEyes) -> No action taken. |
25.12.2011, 16:15 | #3 |
/// Malware-holic | Windows - Delayed Write Failed Hi, the system has to be rebuilt anyway and all passwords have to be changed; you have SpyEye on the PC.
That is also your own fault: the system is poorly maintained, no updates, for example. That makes it very easy for criminals to abuse your system. If you want, I would help you secure the new system afterwards. Scan again with Malwarebytes, full scan, delete the findings, post the log. Then: download unhide: http://filepony.de/download-unhide/ Double-click it, and the files become visible. |