A sorry, hab ich übersehen. Ja mach mit OTL weiter

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 27.01.2012 21:48:26 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\saliha\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,18 Mb Total Physical Memory | 382,31 Mb Available Physical Memory | 37,70% Memory free
1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,78 Gb Total Space | 160,25 Gb Free Space | 83,56% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 26,11 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
 
Computer Name: SALIHA-PC | User Name: saliha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{13709A29-963F-4C88-866F-132B12ABA40A}" = AM Usb Card Reader Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Hotkey
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ACC4CD3-4BE8-4508-9C26-1DCE3EA867C8}" = AmbionWizard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{81E1EABC-5496-4BC1-8F3F-5914939B28C6}" = Fresco Logic USB3.0 Host Controller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AmUStor" = AM Usb Card Reader Driver
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ST6UNST #1" = Instant-On Utilities v1.2
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.01.2012 12:06:12 | Computer Name = saliha-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
 erste DWORD im Datenbereich.
 
Error - 27.01.2012 12:07:17 | Computer Name = saliha-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 27.01.2012 12:07:40 | Computer Name = saliha-PC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 27.01.2012 15:23:09 | Computer Name = saliha-PC | Source = Avira AntiVir | ID = 4109
Description = 
 
Error - 27.01.2012 15:23:09 | Computer Name = saliha-PC | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 27.01.2012 15:28:52 | Computer Name = saliha-PC | Source = Avira AntiVir | ID = 4109
Description = 
 
Error - 27.01.2012 15:28:52 | Computer Name = saliha-PC | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 27.01.2012 15:29:26 | Computer Name = saliha-PC | Source = Avira AntiVir | ID = 4109
Description = 
 
Error - 27.01.2012 15:29:26 | Computer Name = saliha-PC | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 27.01.2012 16:48:07 | Computer Name = saliha-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.31.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1538    Startzeit:
 01ccdd34af92b8e2    Endzeit: 62    Anwendungspfad: C:\Users\saliha\Desktop\OTL.exe    Berichts-ID:
 2dd2f893-4928-11e1-beae-485d6022d021  
 
[ System Events ]
Error - 26.01.2012 14:32:10 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 26.01.2012 14:48:07 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 26.01.2012 14:50:37 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 27.01.2012 11:59:53 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.01.2012 12:02:23 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 27.01.2012 12:08:09 | Computer Name = saliha-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008 x86 (KB2656351)
 
Error - 27.01.2012 15:38:15 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.01.2012 15:40:46 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 27.01.2012 16:14:32 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.01.2012 16:17:02 | Computer Name = saliha-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
 
< End of report >
         

--- --- ---
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 27.01.2012 21:48:26 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\saliha\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,18 Mb Total Physical Memory | 382,31 Mb Available Physical Memory | 37,70% Memory free
1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,78 Gb Total Space | 160,25 Gb Free Space | 83,56% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 26,11 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
 
Computer Name: SALIHA-PC | User Name: saliha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.24 23:37:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\saliha\Desktop\OTL.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.11.05 05:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.13 15:03:34 | 004,283,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2011.05.13 13:49:42 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.25 20:28:50 | 000,486,560 | ---- | M] (Atheros Communications) -- C:\Programme\Atheros\Bluetooth Suite\BtvStack.exe
PRC - [2010.11.25 20:28:44 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\AthBtTray.exe
PRC - [2010.11.25 20:28:42 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe
PRC - [2010.11.19 16:25:40 | 000,033,792 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Programme\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
PRC - [2010.10.20 14:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.09.09 17:45:12 | 003,704,320 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2010.05.24 15:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Atheros\Ath_CoexAgent.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.09.09 17:44:02 | 000,066,048 | ---- | M] () -- C:\Programme\FSP\FspLib.dll
MOD - [2010.09.09 17:43:54 | 000,044,544 | ---- | M] () -- C:\Programme\FSP\KbdHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.11.25 20:28:42 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.05.24 15:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.25 20:29:00 | 000,239,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010.11.25 20:29:00 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.11.25 20:28:58 | 000,258,720 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.11.25 20:28:58 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.11.25 20:28:58 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.11.25 20:28:58 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.11.25 20:28:58 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\btath_bus.sys -- (BTATH_BUS)
DRV - [2010.11.25 20:28:56 | 000,043,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\AthDfu.sys -- (ATHDFU)
DRV - [2010.11.19 16:25:40 | 000,174,080 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV - [2010.11.19 16:25:40 | 000,038,400 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV - [2010.10.28 20:07:44 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010.09.14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.09.09 17:48:36 | 000,055,808 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2010.07.08 01:02:14 | 001,801,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.01 15:56:18 | 000,031,232 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009.06.09 20:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\ATKACPI.SYS -- (ACPIService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2012.01.25 18:57:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [fspuip] C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\saliha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77DE3EC2-C39E-4E8B-8E11-8AFABC812ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CF0311-F9B5-4A3A-BEE9-D8C906E1C2F2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.27 21:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.27 21:28:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.27 21:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.27 21:14:10 | 000,000,000 | R--D | C] -- C:\Users\saliha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.01.27 21:00:25 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Roaming\Avira
[2012.01.27 20:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.27 20:49:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.27 20:49:31 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.27 20:49:31 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.27 20:49:31 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.27 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.27 20:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.27 17:02:09 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{605E2FEC-B357-4156-90E1-54F61D6AC329}
[2012.01.27 17:00:02 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{61752167-445E-41E1-9FBA-6F74C3B62F01}
[2012.01.26 20:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.26 19:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.01.26 19:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.26 19:43:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.26 19:43:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.26 19:43:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.26 19:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.26 19:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.01.26 18:37:28 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\saliha\Desktop\jxpiinstall.exe
[2012.01.26 18:06:35 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\saliha\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.26 17:56:08 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{ADE22BCE-4A88-4208-92D4-D037782584DC}
[2012.01.26 17:55:53 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{63A52A20-9D18-4B3D-B65B-7DCD5DD03B65}
[2012.01.25 19:06:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.25 19:05:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.25 19:05:56 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\temp
[2012.01.25 18:33:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.25 18:33:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.25 18:33:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.25 18:33:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.25 18:33:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.25 18:30:22 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.01.25 18:30:21 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.01.25 18:29:39 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\saliha\Desktop\ComboFix.exe
[2012.01.25 18:25:30 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{6A6396BD-0AE3-4F86-A71C-89A53A037576}
[2012.01.25 18:25:14 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{BE5FB36E-5E60-4636-9A4D-16C1698CC7D1}
[2012.01.25 00:47:44 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{289D93A2-AD33-4816-9943-938B4870DA1F}
[2012.01.25 00:47:30 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{35343A62-C925-452D-BFAA-BCB15E080F31}
[2012.01.24 23:37:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\saliha\Desktop\OTL.exe
[2012.01.24 21:21:51 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{42F8AC1F-AE2A-48A5-A912-4B75357736B8}
[2012.01.24 21:07:20 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{18007C3A-5E3C-4619-9983-2473BB053C3B}
[2012.01.24 19:13:55 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{F3A3CC18-9B76-4340-9DFE-0AAF063363B2}
[2012.01.24 18:55:59 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{C024A112-19DF-499E-A1D8-664DF3CFAFB7}
[2012.01.24 18:47:09 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{3CFDBB1F-B6DE-415A-A9DC-7BC69385941D}
[2012.01.24 18:36:37 | 000,000,000 | ---D | C] -- C:\FRST
[2012.01.24 18:33:53 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{EB4B2084-1B22-4190-B560-97F857520599}
[2012.01.23 00:23:23 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{CB4F5197-4E8A-492A-AF32-817E4E11F8FD}
[2012.01.14 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Roaming\Malwarebytes
[2012.01.14 22:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.14 22:04:51 | 000,000,000 | ---D | C] -- C:\Users\saliha\Documents\antibotcd0112_chip[1]
[2012.01.14 21:54:43 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{A755919E-1172-4683-8572-6CFDAC9588EB}
[2012.01.14 21:54:30 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{F27399F7-2B82-4377-89A9-A9CF6A39C5D3}
[2012.01.13 21:57:16 | 000,000,000 | ---D | C] -- C:\1f46ce212972cb18796329d23666adad
[2012.01.13 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{D507EAA4-93E1-4B99-9B79-6E1821D7C26C}
[2012.01.13 18:42:24 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{04E23234-F08B-4205-8705-8C9FA4812F2C}
[2012.01.12 20:24:38 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\ElevatedDiagnostics
[2012.01.12 18:07:41 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{73D0459D-B613-4205-9565-F0FD453405F2}
[2012.01.12 18:07:28 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{0E35760C-C11F-4C9B-9E5E-4062494B85CA}
[2012.01.11 18:15:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 18:15:29 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 18:15:28 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.11 18:08:49 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{989BC29A-656C-4761-8420-532B82E3D3CF}
[2012.01.09 18:08:05 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{1D531BC1-DC24-4750-92A2-9E0745D4F484}
[2012.01.09 17:15:02 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{B8C0C2F3-7F81-4B9C-A4A1-0417128EF064}
[2012.01.08 13:25:12 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{9C682E12-26BD-44B5-97ED-37A5D42C8997}
[2012.01.08 13:24:48 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{3C4E2D2B-DDB2-4CDF-8891-9B2AFAD762C5}
[2012.01.08 12:22:05 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{6B21F5F9-5526-434A-869F-1A446F275A96}
[2012.01.07 18:53:19 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{0BF5B351-D057-435A-843B-8D7ED79DDE0D}
[2012.01.07 18:52:44 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{750667E9-9FC5-4112-9FC2-166FB146923F}
[2011.12.31 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{A60C007F-B9D8-4834-81A7-5F4991AB101B}
[2011.12.30 21:33:40 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{323FF4D1-2CB0-435A-A06E-3EF15C72936F}
[2011.12.30 21:33:27 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{A5DF7854-B697-4892-8683-1A75E695E855}
[2011.12.30 15:05:24 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{A1AA8B62-847B-49BD-9C1D-368AC7D0125E}
[2011.12.30 14:58:56 | 000,000,000 | ---D | C] -- C:\Users\saliha\AppData\Local\{64A7E85E-3C74-4A69-932C-50B2A299E04D}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 21:28:52 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.27 21:24:17 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\saliha\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.27 21:22:11 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 21:22:11 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 21:14:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.27 21:13:58 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.01.27 21:13:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.27 21:13:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 21:13:34 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.27 20:50:01 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.27 20:47:57 | 087,262,320 | ---- | M] () -- C:\Users\saliha\Desktop\avira_free_antivirus1200872_de.exe
[2012.01.26 19:43:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.26 19:43:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.26 19:43:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.26 19:43:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.26 19:26:17 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\saliha\Desktop\jxpiinstall.exe
[2012.01.25 18:57:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.25 18:29:52 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\saliha\Desktop\ComboFix.exe
[2012.01.25 18:24:46 | 000,000,004 | ---- | M] () -- C:\ProgramData\RELED.INI
[2012.01.24 23:37:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\saliha\Desktop\OTL.exe
[2012.01.24 18:36:44 | 001,169,458 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.24 18:36:44 | 000,769,750 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.24 18:36:44 | 000,293,080 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.24 18:36:44 | 000,253,152 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.30 15:07:43 | 000,002,310 | ---- | M] () -- C:\Users\saliha\Documents\Mein Film.wlmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.27 21:28:52 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.27 20:50:01 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.27 20:47:44 | 087,262,320 | ---- | C] () -- C:\Users\saliha\Desktop\avira_free_antivirus1200872_de.exe
[2012.01.25 18:33:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.25 18:33:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.25 18:33:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.25 18:33:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.25 18:33:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.30 15:07:43 | 000,002,310 | ---- | C] () -- C:\Users\saliha\Documents\Mein Film.wlmp
[2011.01.07 13:24:31 | 000,000,004 | ---- | C] () -- C:\ProgramData\RELED.INI
[2011.01.07 13:16:26 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
[2011.01.07 13:13:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.17 08:45:41 | 000,016,456 | ---- | C] () -- C:\Windows\System32\drivers\ATKACPI.SYS
[2010.12.09 08:02:08 | 000,030,720 | --S- | C] () -- C:\Windows\System32\Install-Ambion.exe
[2010.11.25 20:20:54 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2009.07.14 09:47:43 | 001,169,458 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,293,080 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,269,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,769,750 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,253,152 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
         

--- --- ---

Der Computer reagiert manchmal nicht;wie zb beim scanen.Aber sonst ist er wie immer.

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

/md5start
ATKACPI.sys
/md5stop
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Nichts und danach den Scan Button.
• Wenn der Scan beendet wurde, wird sich ein Textdokument öffnen.
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Daniel,ich hab die Otl.exe,als Adminstrator gestartet.Als ich,den Inhalt kopiren wollt kam die Meldung:Fehler auf dieser Seite.Ich hab es ein paar mal neu gestartet,aber immer die gleiche Meldung.Kann den Scan somit nicht durchführen.

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

• Doppelklick auf die SystemLook.exe, um das Tool zu starten.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
  
  
  Code: Alles auswählenAufklappen

  ATTFilter

  :filefind
  ATKACPI.sys
           

• Klicke nun auf den Button Look, um den Scan zu starten.
• Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
• Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Ok,auch hier das gleiche Spiel.Wenn ich den Text,kopieren will heisst es Fehler auf der Seite.Das Netbook, ist sehr sehr langsam geworden und reagiert manchmal gar nicht,zb.wenn ich ein fenster schließen will.

Wie kopierst du den Text ?

Wie ich kopiere???So wie ich es immer gemacht habe,steht doch oben:alles kopieren.Und es hat immer funktioniert.Ansonsten,makiere ich das und dann kopieren.Es hat immer funktioniert aber leider jetzt nicht mehr.Warum????Und die meldung lautet Fehler auf der Seite.

Also,ich hab es nochmal versucht,und komisch komisch es hat funktioniert.So langsam,wird der pc mir unheimlich und sehr nervig!
SystemLook 30.07.11 by jpshortstuff
Log created at 21:01 on 31/01/2012 by saliha
Administrator - Elevation successful

========== filefind ==========

Searching for "ATKACPI.sys"
C:\Windows\System32\drivers\ATKACPI.SYS --a---- 16456 bytes [07:45 17/12/2010] [19:30 09/06/2009] C1C7EEF1A53A6B47323187A22559E553
C:\Windows\System32\DriverStore\FileRepository\osdacpi.inf_x86_neutral_e34d5f17c470a245\ATKACPI.SYS --a---- 16456 bytes [07:45 17/12/2010] [19:30 09/06/2009] C1C7EEF1A53A6B47323187A22559E553

Searching for " "
No files found.

-= EOF =-

Wenn du nicht immer so seltsam schreiben würdest, wo das Problem liegt, könnte ich dir wahrscheinlich helfen. Aber meine Glaskugel ist leider kaputt.

Liste mir alle Probleme auf, so das man sie auch versteht. Mit "er ist langsam" kann ich nichts anfangen. Was ist langsam, Startvorgang,.....

Je detailierter, desto besser.

Autsch,dass war nicht nett.Würdes du,mir schreiben das ich es detalierter beschreiben soll,hätte ich es sehr gerne getan!Wenn ich ein Program,starten will tut DER PC dies sehr langsam.Wenn ich ein Fenster,schließen möcht funktiniert das erst beim mehrmaligen versuch.Und wenn ich zb.ein Scan durchführen will,muss ich bis zu 5-6 auf Start klicken bis der Scan beginnt.Nochmalerweise steht dann da,dass der scan läuft diese Meldung fehlt auch.Ich hoffe,dass war detaliert genug.Sag mal bin ich den Trojaner jetzt endgültig los?Das würde mich intressieren???

War nicht böse gemeint, bin einfach nur etwas gestresst gerade.

Problem ist, ich sehe in den Logfiles nichts und ich weiß, dass srep eigentlich nichts löscht. Hab ich ja selber geschrieben

Sehen wir mal mit anderen Tools nach.



Downloade dir bitte dds ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com
dds.scr

• Schließe alle laufenden Programme.
• Starte DDS mit Doppelklick.
• Es wird 2 Logfiles erstellen.
  • dds.txt
  • attach.txt
• Speichere beide Logfiles auf deinem Desktop
• Poste beide Logfiles hier.

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe
• Drücke Start Scan
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
  Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe
  Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.



Bitte poste in deiner nächsten Antwort
dds.txt
attach.txt
TDSSKiller Log
aswMBR.txt

Ok,gestresst sein davon kann ich momentan ein Lied singen!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by saliha at 0:29:00 on 2012-02-01
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.341 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Atheros\Ath_CoexAgent.exe
C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - c:\program files\atheros\bluetooth suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [FLxHCIm] "c:\program files\fresco logic inc\fresco logic usb3.0 host controller\host\FLxHCIm.exe"
mRun: [AtherosBtStack] "c:\program files\atheros\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\atheros\bluetooth suite\AthBtTray.exe"
mRun: [fspuip] %ProgramFiles%\FSP\fspuip.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\saliha\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\atheros\bluetooth suite\IEPlugIn.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{77DE3EC2-C39E-4E8B-8E11-8AFABC812ACD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E8CF0311-F9B5-4A3A-BEE9-D8C906E1C2F2} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-27 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-1-27 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-1-27 110032]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\atheros\Ath_CoexAgent.exe [2011-1-7 151552]
R2 AtherosSvc;AtherosSvc;c:\program files\atheros\bluetooth suite\AdminService.exe [2010-11-25 56480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-27 74640]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R3 ACPIService;ATK0100 ACPI SERVICE;c:\windows\system32\drivers\ATKACPI.SYS [2010-12-17 16456]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2010-11-25 34976]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-25 258720]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2010-11-25 24736]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2010-11-25 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2010-11-25 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2010-11-25 141088]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2010-11-25 239776]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-10-28 27632]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2010-11-19 174080]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2010-11-19 38400]
R3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2010-12-17 55808]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-7 275048]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-19 136176]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2011-1-7 31232]
S3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2010-11-25 43680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-19 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-26 52224]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-01-31 19:47:49 -------- d-----w- c:\users\saliha\appdata\local\{C1A7471D-4FE0-404A-8421-D59F7A166666}
2012-01-31 19:47:11 -------- d-----w- c:\users\saliha\appdata\local\{ED722A3F-8E6D-49A2-A03E-A431F088780E}
2012-01-30 17:28:47 -------- d-----w- c:\users\saliha\appdata\local\{336B0369-3EBE-41F6-9C0B-F3F2D63FCA50}
2012-01-30 17:28:31 -------- d-----w- c:\users\saliha\appdata\local\{70789DAF-490E-4A24-B5EF-F0D3B025DA29}
2012-01-28 21:53:37 -------- d-----w- c:\windows\system32\SPReview
2012-01-28 21:51:45 -------- d-----w- c:\windows\system32\EventProviders
2012-01-28 15:52:52 -------- d-----w- c:\users\saliha\appdata\local\{5BBE0F3E-FA08-486F-928E-07141326205B}
2012-01-28 15:52:28 -------- d-----w- c:\users\saliha\appdata\local\{8B123531-3AB8-420E-87E3-8D11C19AEB54}
2012-01-27 20:00:25 -------- d-----w- c:\users\saliha\appdata\roaming\Avira
2012-01-27 19:49:31 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-27 19:49:31 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-27 19:49:26 -------- d-----w- c:\programdata\Avira
2012-01-27 19:49:25 -------- d-----w- c:\program files\Avira
2012-01-27 16:02:09 -------- d-----w- c:\users\saliha\appdata\local\{605E2FEC-B357-4156-90E1-54F61D6AC329}
2012-01-27 16:00:02 -------- d-----w- c:\users\saliha\appdata\local\{61752167-445E-41E1-9FBA-6F74C3B62F01}
2012-01-26 18:48:26 -------- d-----w- c:\program files\Ask.com
2012-01-26 18:37:38 -------- d-----w- c:\programdata\Ask
2012-01-26 16:56:08 -------- d-----w- c:\users\saliha\appdata\local\{ADE22BCE-4A88-4208-92D4-D037782584DC}
2012-01-26 16:55:53 -------- d-----w- c:\users\saliha\appdata\local\{63A52A20-9D18-4B3D-B65B-7DCD5DD03B65}
2012-01-25 18:06:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-25 18:05:56 -------- d-----w- c:\users\saliha\appdata\local\temp
2012-01-25 17:33:36 98816 ----a-w- c:\windows\sed.exe
2012-01-25 17:33:36 518144 ----a-w- c:\windows\SWREG.exe
2012-01-25 17:33:36 256000 ----a-w- c:\windows\PEV.exe
2012-01-25 17:33:36 208896 ----a-w- c:\windows\MBR.exe
2012-01-25 17:30:24 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-25 17:30:24 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 17:30:23 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 17:30:23 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-25 17:30:22 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 17:30:22 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-25 17:30:22 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-25 17:30:22 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 17:30:22 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-25 17:30:22 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-25 17:25:30 -------- d-----w- c:\users\saliha\appdata\local\{6A6396BD-0AE3-4F86-A71C-89A53A037576}
2012-01-25 17:25:14 -------- d-----w- c:\users\saliha\appdata\local\{BE5FB36E-5E60-4636-9A4D-16C1698CC7D1}
2012-01-24 23:47:44 -------- d-----w- c:\users\saliha\appdata\local\{289D93A2-AD33-4816-9943-938B4870DA1F}
2012-01-24 23:47:30 -------- d-----w- c:\users\saliha\appdata\local\{35343A62-C925-452D-BFAA-BCB15E080F31}
2012-01-24 20:21:51 -------- d-----w- c:\users\saliha\appdata\local\{42F8AC1F-AE2A-48A5-A912-4B75357736B8}
2012-01-24 20:07:20 -------- d-----w- c:\users\saliha\appdata\local\{18007C3A-5E3C-4619-9983-2473BB053C3B}
2012-01-24 18:13:55 -------- d-----w- c:\users\saliha\appdata\local\{F3A3CC18-9B76-4340-9DFE-0AAF063363B2}
2012-01-24 17:55:59 -------- d-----w- c:\users\saliha\appdata\local\{C024A112-19DF-499E-A1D8-664DF3CFAFB7}
2012-01-24 17:47:09 -------- d-----w- c:\users\saliha\appdata\local\{3CFDBB1F-B6DE-415A-A9DC-7BC69385941D}
2012-01-24 17:36:37 -------- d-----w- C:\FRST
2012-01-24 17:33:53 -------- d-----w- c:\users\saliha\appdata\local\{EB4B2084-1B22-4190-B560-97F857520599}
2012-01-22 23:23:23 -------- d-----w- c:\users\saliha\appdata\local\{CB4F5197-4E8A-492A-AF32-817E4E11F8FD}
2012-01-14 21:11:45 -------- d-----w- c:\users\saliha\appdata\roaming\Malwarebytes
2012-01-14 21:11:38 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 20:54:43 -------- d-----w- c:\users\saliha\appdata\local\{A755919E-1172-4683-8572-6CFDAC9588EB}
2012-01-14 20:54:30 -------- d-----w- c:\users\saliha\appdata\local\{F27399F7-2B82-4377-89A9-A9CF6A39C5D3}
2012-01-13 20:57:16 -------- d-----w- C:\1f46ce212972cb18796329d23666adad
2012-01-13 17:42:35 -------- d-----w- c:\users\saliha\appdata\local\{D507EAA4-93E1-4B99-9B79-6E1821D7C26C}
2012-01-13 17:42:24 -------- d-----w- c:\users\saliha\appdata\local\{04E23234-F08B-4205-8705-8C9FA4812F2C}
2012-01-12 19:24:38 -------- d-----w- c:\users\saliha\appdata\local\ElevatedDiagnostics
2012-01-12 17:07:41 -------- d-----w- c:\users\saliha\appdata\local\{73D0459D-B613-4205-9565-F0FD453405F2}
2012-01-12 17:07:28 -------- d-----w- c:\users\saliha\appdata\local\{0E35760C-C11F-4C9B-9E5E-4062494B85CA}
2012-01-11 17:15:34 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 17:15:31 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 17:15:29 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 17:15:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 17:08:49 -------- d-----w- c:\users\saliha\appdata\local\{989BC29A-656C-4761-8420-532B82E3D3CF}
2012-01-09 17:08:05 -------- d-----w- c:\users\saliha\appdata\local\{1D531BC1-DC24-4750-92A2-9E0745D4F484}
2012-01-09 16:15:02 -------- d-----w- c:\users\saliha\appdata\local\{B8C0C2F3-7F81-4B9C-A4A1-0417128EF064}
2012-01-08 12:25:12 -------- d-----w- c:\users\saliha\appdata\local\{9C682E12-26BD-44B5-97ED-37A5D42C8997}
2012-01-08 12:24:48 -------- d-----w- c:\users\saliha\appdata\local\{3C4E2D2B-DDB2-4CDF-8891-9B2AFAD762C5}
2012-01-08 11:22:05 -------- d-----w- c:\users\saliha\appdata\local\{6B21F5F9-5526-434A-869F-1A446F275A96}
2012-01-07 17:53:19 -------- d-----w- c:\users\saliha\appdata\local\{0BF5B351-D057-435A-843B-8D7ED79DDE0D}
2012-01-07 17:52:44 -------- d-----w- c:\users\saliha\appdata\local\{750667E9-9FC5-4112-9FC2-166FB146923F}
.
==================== Find3M ====================
.
2012-01-28 22:45:56 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-26 18:43:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 0:29:46,62 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 19.09.2011 02:55:42
System Uptime: 01.02.2012 00:07:08 (0 hours ago)
.
Motherboard: Medion | | E122X
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU 1 | 1667/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 192 GiB total, 168,731 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 3,48 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP42: 28.01.2012 22:53:15 - Windows 7 Service Pack 1
RP43: 30.01.2012 18:28:58 - Windows-Sicherung
RP44: 31.01.2012 20:51:46 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X - Deutsch
AM Usb Card Reader Driver
AmbionWizard
Ashampoo Burning Studio
Ashampoo Photo Commander
Ashampoo Photo Optimizer
Ashampoo Snap
Ask Toolbar
Ask Toolbar Updater
Atheros WLAN and Bluetooth Client Installation Program
Avira Free Antivirus
Bing Bar
Bluetooth Win7 Suite
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content
CorelDRAW Essentials 4 - Draw
CorelDRAW Essentials 4 - Filters
CorelDRAW Essentials 4 - ICA
CorelDRAW Essentials 4 - IPM - No VBA
CorelDRAW Essentials 4 - Lang BR
CorelDRAW Essentials 4 - Lang DE
CorelDRAW Essentials 4 - Lang EN
CorelDRAW Essentials 4 - Lang ES
CorelDRAW Essentials 4 - Lang FR
CorelDRAW Essentials 4 - Lang IT
CorelDRAW Essentials 4 - Lang NL
CorelDRAW Essentials 4 - PHOTO-PAINT
CorelDRAW Essentials 4 - Windows Shell Extension
CyberLink PowerDVD 10
CyberLink YouCam
CyberLink YouPaint
D3DX10
Finger Sensing Pad Driver
Fresco Logic USB3.0 Host Controller
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotkey
Instant-On Utilities v1.2
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Medion Home Cinema
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
PlayReady PC Runtime x86
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
.
==== End Of File ===========================
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 00:43:00
-----------------------------
00:43:00.389 OS Version: Windows 6.1.7601 Service Pack 1
00:43:00.389 Number of processors: 2 586 0x1C0A
00:43:00.389 ComputerName: SALIHA-PC UserName: saliha
00:43:01.278 Initialize success
00:44:55.580 AVAST engine defs: 12013100
00:46:34.484 The log file has been saved successfully to "C:\Users\saliha\Desktop\aswMBR.txt"

Zu TDSSkiller.exe kam die Meldung:no threats found.

Sag mal,kann ich die ganzen Programe und Logfiles wieder löschen,oder brauche ich die noch?Bitte beantworte mir die Fragen denn das tust du nie FRAGEN BEANTWORTEN

Wenn mans genau nimmt. müsste ich hier garnichts tun.
Die Logfiles kommen jetzt weg. Ich seh da keine laufende Malware mehr, eventuell können dir die Leute im Windowsbereich helfen.



Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code: Alles auswählenAufklappen

ATTFilter

Combofix /Uninstall
         

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.



Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.


Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hallo Daniel,ich habe,alles löschen können.Ich habe auch deine Tipps befolgt,und die Programe instaliert.Vielen lieben Dank für deine Hilfe!!!Ohne deine Hilfe,hätte ich es niemals geschaft. IHR SEIT ECHT EIN SUPER TEAM. Ich wünsche dir alles gute und wenig STRESS! mfg