Spybot 2.0 Rootkit scan: HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic + Blue Screen IRQL_NOT_LESS_OR_EQUAL

Polarbär · 16.07.2012, 11:50

Hallo,
ich wäre Dankbar für eure Hilfe.
Habe folgendes Problem:
Der Adobe Flashplayer verursacht nach einer gewissen Zeit ab neuinstalation beim abspielen von Youtube Videos das der PC komplet einfriert oder ein Bluescrenn erscheint (Bluescrenn erscheint ab und zu auch bei Systemstart).
Könnte auch der Grafigtreiber von ATI verursachen habe mefach neu instaliert? oder folgendes
Spybot2.0 Rootkit scanner hat eine Programm endeckt das sich nicht löschen lässt in der Regedit, (SOFTWARE\Xanthic)?
Avast und Malwarebytest haben nichts endeckt!
Habe Win xp und Grafigkarte ATI Radon HD 5450 Treibervers.8.980.0.0
Danke im voraus!

Zitat:

// vom 16.7.2012 info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\system32\A3DA537E26.sys"
File:"No admin in ACL","C:\WINDOWS\system32\F993342A13.sys"
Directory:"Hidden directory","Files in System folder"
Directory:"Hidden directory","Global run entries"
Directory:"Hidden directory","Winlogon entries"
Directory:"Hidden directory","Invisible processes (from handles)"
Directory:"Hidden directory","Invisible processes (from threads)"
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Xanthic\","{1246792F-C12E-81AE-FE96-35D2FC917677}\0_"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyValue:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Xanthic\","{1246792F-C12E-81AE-FE96-35D2FC917677}\0_"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!

Zitat:

:: VOM 13.7.2012 RootAlyzer Results
File:"Invisible to Win32","C:\avenger.txtbox"
File:"No admin in ACL","C:\WINDOWS\system32\A3DA537E26.sys"
File:"No admin in ACL","C:\WINDOWS\system32\F993342A13.sys"
File:"No admin in ACL","C:\WINDOWS\system32\KGyGaAvL.sys"
File:"No admin in ACL","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\SrtETmp"
Directory:"Hidden directory","Files in System folder"
Directory:"Hidden directory","Global run entries"
Directory:"Hidden directory","Winlogon entries"
Directory:"Hidden directory","Invisible processes (from handles)"
Directory:"Hidden directory","Invisible processes (from threads)"
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Xanthic\","{1246792F-C12E-81AE-FE96-35D2FC917677}\0_"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyValue:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Xanthic\","{1246792F-C12E-81AE-FE96-35D2FC917677}\0_"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"

Zitat:

Bluescreen
Mini071612-01.dmp 16.07.2012 09:31:20 IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x623fd8cc 0x00000002 0x00000001 0x805224f7 ntkrnlpa.exe ntkrnlpa.exe+6d4e8 5.1.2600.3670 (xpsp_sp2_qfe.100216-2016) 32-bit ntkrnlpa.exe+6d4e8 ntkrnlpa.exe+4b4f7 ntkrnlpa.exe+4b850 ntkrnlpa.exe+3d939 C:\WINDOWS\Minidump\Mini071612-01.dmp 2 15 2600 65.536
ntkrnlpa.exe ntkrnlpa.exe+4b4f7 0x804d7000 0x806e4000 0x0020d000 0x4b7ace87 16.02.2010 16:57:43 Betriebssystem Microsoft® Windows® NT-Kernel und -System 5.1.2600.3670 (xpsp_sp2_qfe.100216-2016) Microsoft Corporation C:\WINDOWS\system32\ntkrnlpa.exe

Polarbär · 16.07.2012, 14:47

Entschuldigung für die verspätung der Log Files
aber OLT und Defroger werden nicht richtig ausgeführt!
GMER logfile wurde hier angehängt.

OLT
beim ausführen wird folgende Fehlermeldung angezeigt:
Exeeption EOle Sys Error in module OTL.exe at 000584A5.
Klasse nicht registriert

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:01 on 16/07/2012 (Roman)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

cosinus · 17.07.2012, 10:26

Zitat:

Avast und Malwarebytest haben nichts endeckt!

Trotzdem bitte alle Logs davon posten
Die Logs enthalten ein paar mehr Infos als nur Fund oder kein Fund.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Polarbär · 17.07.2012, 18:16

Hallo
also mit Avast habe ich eine "Strartzeitprüfung" und heute noch eine "Vollständige Prüfung" durchgeführt das seltsame ist nur das ich keine Logfiles dafür finden kann (Prog./AVAST5/DATA/log+report) es wird nur im Avast-programmfenster unter Protokolle angezeigt das die Scans durchgeführt wurden. Ergebnis Vollständige Prüfung; Einige Datein konten nicht überprüft werden- Datei ist offline sie ist aktuell nicht verfügbar: C:\Programme\SCi Games\Richard Burns Rally /www.bhmotorsports.com.txt
C:\Programme\SCi Games/www.bhmotorsports.com.txt

Unter C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5\log
sind einige Logs aber keine von virusscan; aswAr1.log+setup.log+...

Zitat:

setup.log ....10:29:42 min/gen Started: 17.07.2012, 10:29:42
10:29:42 vrb/gen Operation set to INST_OP_UNKNOWN
10:29:49 min/gen Old version: 5b0 (1456)
10:29:51 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:29:51 min/gen Running SETUP_AIS-5b0 (1456)
10:29:51 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
10:29:51 nrm/sys Memory: 40% load. Phys:1256420/2095532K free, Page:3407736/4032888K free, Virt:2050648/2097024K free
10:29:51 vrb/sys Computer WinName: PALME
10:29:51 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
10:29:51 min/gen Cmdline: /checkupdate /verysilent
10:29:51 vrb/gen DldSrc set to inet
10:29:51 vrb/gen Operation set to INST_OP_CHECK_UPDATE
10:29:51 min/gen Old version: 5b0 (1456)
10:29:52 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
10:29:52 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a02264 (43689M free)
10:29:52 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
10:29:52 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:29:53 vrb/sys Computer DnsName: Palme
10:29:53 vrb/sys Computer Ip Addr: 192.168.178.20
10:29:53 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43689M free)
10:29:53 vrb/gen LoadState: Edition=1
10:29:53 nrm/int SYNCER: Type: use IE settings
10:29:53 nrm/int SYNCER: Auth: another authentication, use WinInet
10:29:53 vrb/pkg Part prg_ais-5b0 is installed
10:29:53 vrb/pkg Part vps_win32-12071600 is installed
10:29:53 vrb/pkg Part setup_ais-5b0 is installed
10:29:53 vrb/pkg Part jrog-a7 is installed
10:29:53 vrb/pkg Part jrog2-557 is installed
10:29:53 min/gen Old version: 5b0 (1456)
10:30:39 vrb/fil SetExistingFilesBitmap: 1095->373->368
10:30:39 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
10:30:40 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
10:30:40 nrm/gen SelectCurrent: selected server 'Download344 AVAST5 Server' from 'main'
10:30:40 nrm/int SYNCER: Type: use IE settings
10:30:40 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:42 nrm/int Used server: hxxp://95.211.168.39/iavs5x
10:30:42 min/fil GetFileWithRetry: servers.def.vpx downloaded .
10:30:42 min/fil servers.def.vpx not changed, 1342165328
10:30:43 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
10:30:43 nrm/gen SelectCurrent: selected server 'Download352 AVAST5 Server' from 'main'
10:30:43 nrm/int SYNCER: Type: use IE settings
10:30:43 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:43 nrm/int Used server: hxxp://download352.avast.com/iavs5x
10:30:43 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
10:30:44 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
10:30:44 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
10:30:44 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
10:30:44 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
10:30:44 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\Version=7.0
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=7.0
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1456
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programme\Alwil Software\Avast5
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
10:30:46 nrm/pkg Transferred: files 2, bytes 592, time 2359 ms
10:30:46 nrm/pkg Retries: total 0, files 0, servers 2
10:30:46 vrb/fil NeedReboot=false
10:30:46 min/gen Return code: 0x20000000 [Something done]
10:30:46 min/gen Stopped: 17.07.2012, 10:30:46

10:30:49 min/gen Started: 17.07.2012, 10:30:49
10:30:49 vrb/gen Operation set to INST_OP_UNKNOWN
10:30:49 min/gen Old version: 5b0 (1456)
10:30:49 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:30:49 min/gen Running SETUP_AIS-5b0 (1456)
10:30:49 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
10:30:49 nrm/sys Memory: 43% load. Phys:1186004/2095532K free, Page:3344684/4032888K free, Virt:2050648/2097024K free
10:30:49 vrb/sys Computer WinName: PALME
10:30:49 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
10:30:49 min/gen Cmdline: /downloadpkgs /noreboot /updatevps /verysilent /session "0" /limitcpu
10:30:49 vrb/gen DldSrc set to inet
10:30:49 vrb/gen Operation set to INST_OP_UPDATE_GET_PACKAGES
10:30:49 min/gen Old version: 5b0 (1456)
10:30:49 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
10:30:49 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a02700 (43689M free)
10:30:49 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
10:30:49 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:30:50 vrb/sys Computer DnsName: Palme
10:30:50 vrb/sys Computer Ip Addr: 192.168.178.20
10:30:50 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43689M free)
10:30:50 vrb/gen LoadState: Edition=1
10:30:50 nrm/int SYNCER: Type: use IE settings
10:30:50 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:50 vrb/pkg Part prg_ais-5b0 is installed
10:30:50 vrb/pkg Part vps_win32-12071600 is installed
10:30:50 vrb/pkg Part setup_ais-5b0 is installed
10:30:50 vrb/pkg Part jrog-a7 is installed
10:30:50 vrb/pkg Part jrog2-557 is installed
10:30:50 min/gen Old version: 5b0 (1456)
10:30:50 vrb/fil skipped CPackageEngine_File::SetExistingFilesBitmap
10:30:50 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
10:30:51 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
10:30:51 nrm/gen SelectCurrent: selected server 'Download328 AVAST5 Server' from 'main'
10:30:51 nrm/int SYNCER: Type: use IE settings
10:30:51 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:51 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:30:52 nrm/int Used server: hxxp://download328.avast.com/iavs5x
10:30:52 min/fil GetFileWithRetry: servers.def.vpx downloaded .
10:30:52 min/fil servers.def.vpx not changed, 1342165328
10:30:52 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
10:30:53 nrm/gen SelectCurrent: selected server 'Download119 AVAST5 Server' from 'main'
10:30:53 nrm/int SYNCER: Type: use IE settings
10:30:53 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:56 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:56 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
10:30:56 min/fil prod-ais.vpx not changed, 1342513013
10:30:56 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
10:30:56 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
10:30:56 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
10:30:56 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
10:30:56 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
10:30:56 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:56 min/fil GetFileWithRetry: part-vps_win32-12071700.vpx downloaded and verified
10:30:56 vrb/pkg Part vps_win32-12071700 was set to be installed
10:30:56 vrb/pkg DeleteObsoletePackages: Removed part-vps_win32-12071600.vpx
10:30:56 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:57 min/fil GetFileWithRetry: part-jrog2-559.vpx downloaded and verified
10:30:57 vrb/pkg Part jrog2-559 was set to be installed
10:30:57 vrb/pkg DeleteObsoletePackages: Removed part-jrog2-557.vpx
10:30:57 vrb/pkg Part vps_win32-12071700 was set to be installed
10:30:57 vrb/pkg Part jrog2-559 was set to be installed
10:30:57 vrb/pkg IsFullOkay: jrog2-559.vpx - not okay (doesn't exist)
10:30:57 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:57 min/fil GetFileWithRetry: jrog2-558-557.vpx downloaded and verified
10:30:57 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\jrog2-558-557.vpx, returned 0x00000000
10:30:57 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 1296346
10:30:57 vrb/pkg PerformDiff: Ok
10:30:57 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:57 min/fil GetFileWithRetry: jrog2-559-558.vpx downloaded and verified
10:30:57 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\jrog2-559-558.vpx, returned 0x00000000
10:30:57 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 1296896
10:30:57 vrb/pkg PerformDiff: Ok
10:30:57 vrb/pkg DeleteObsoletePackages: Removed jrog2-557.vpx
10:31:01 vrb/pkg IsFullOkay: vps_32-859.vpx - not okay (doesn't exist)
10:31:20 vrb/pkg IsFullOkay: vps_win32-86d.vpx - not okay (doesn't exist)
10:31:24 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:31:24 min/fil GetFileWithRetry: vps_32-858-857.vpx downloaded and verified
10:31:24 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\vps_32-858-857.vpx, returned 0x00000000
10:31:25 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 70034129
10:31:26 vrb/pkg PerformDiff: Ok
10:31:29 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:31:29 min/fil GetFileWithRetry: vps_32-859-858.vpx downloaded and verified
10:31:29 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\vps_32-859-858.vpx, returned 0x00000000
10:31:29 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 70080624
10:31:30 vrb/pkg PerformDiff: Ok
10:31:38 vrb/pkg DeleteObsoletePackages: Removed vps_32-857.vpx
10:31:38 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:31:38 min/fil GetFileWithRetry: vps_win32-86c-86b.vpx downloaded and verified
10:31:38 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\vps_win32-86c-86b.vpx, returned 0x00000000
10:31:38 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 6546959
10:31:39 vrb/pkg PerformDiff: Ok
10:31:39 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:31:39 min/fil GetFileWithRetry: vps_win32-86d-86c.vpx downloaded and verified
10:31:39 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\vps_win32-86d-86c.vpx, returned 0x00000000
10:31:39 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 6546959
10:31:39 vrb/pkg PerformDiff: Ok
10:31:41 vrb/pkg DeleteObsoletePackages: Removed vps_win32-86b.vpx
10:31:43 min/int submit has nothing to send
10:31:43 nrm/pkg Submit: files 0, bytes 0, time 0 ms
10:31:43 nrm/pkg Submit success: files 0, bytes 0, time 0 ms
10:31:43 nrm/pkg Transferred: files 10, bytes 436253, time 10357 ms
10:31:43 nrm/pkg Retries: total 0, files 0, servers 2
10:31:43 vrb/int Sending stats 'hxxp://stats7.avast.com/cgi-bin/iavs4stats.cgi': 00000000 204
10:31:44 vrb/fil NeedReboot=false
10:31:44 min/gen Return code: 0x20000000 [Something done]
10:31:44 min/gen Stopped: 17.07.2012, 10:31:44

10:31:53 min/gen Started: 17.07.2012, 10:31:53
10:31:53 vrb/gen Operation set to INST_OP_UNKNOWN
10:31:53 min/gen Old version: 5b0 (1456)
10:31:53 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:31:53 min/gen Running SETUP_AIS-5b0 (1456)
10:31:53 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
10:31:53 nrm/sys Memory: 43% load. Phys:1175828/2095532K free, Page:3326220/4032888K free, Virt:2050648/2097024K free
10:31:53 vrb/sys Computer WinName: PALME
10:31:53 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
10:31:55 min/gen Cmdline: /refresh /noreboot /updatevps /verysilent /session "0" /limitcpu
10:31:55 vrb/gen Operation set to INST_OP_UPDATE_INSTALL_PACKAGES
10:31:55 min/gen Old version: 5b0 (1456)
10:31:55 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
10:31:55 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a03288 (43614M free)
10:31:55 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
10:31:55 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43614M free)
10:31:55 vrb/gen LoadState: Edition=1
10:31:57 nrm/int SYNCER: Type: use IE settings
10:31:57 nrm/int SYNCER: Auth: another authentication, use WinInet
10:31:57 vrb/pkg Part prg_ais-5b0 is installed
10:31:57 vrb/pkg Part vps_win32-12071700 is installed
10:31:58 vrb/pkg Part setup_ais-5b0 is installed
10:31:58 vrb/pkg Part jrog-a7 is installed
10:31:58 vrb/pkg Part jrog2-559 is installed
10:31:58 min/gen Old version: 5b0 (1456)
10:32:00 vrb/fil skipped CPackageEngine_File::SetExistingFilesBitmap
10:32:00 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
10:32:00 vrb/gen Entering:UpdateInstallPackages
10:32:00 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
10:32:00 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
10:32:00 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
10:32:00 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
10:32:00 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
10:32:02 vrb/pkg ArePartsInstallable: 1
10:32:02 min/pkg vps version 12071700
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\Sf.bin (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\Sf.bin
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\Sf1.bin (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\Sf1.bin
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\dllcc.dat (2)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\dllcc.dat
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\ArPot.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\ArPot.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswAR.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswAR.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswBoot.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswBoot.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswCleanerDLL.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswCleanerDLL.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnBS.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnBS.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnIS.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnIS.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnOS.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnOS.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswEngin.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswEngin.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswFiDb.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswFiDb.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswRawFS.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswRawFS.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswRep.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswRep.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswScan.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswScan.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\exts.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\exts.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\fwAux.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\fwAux.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\uiext.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\uiext.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\list_d.txt (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\list_d.txt
10:32:03 min/pkg vps: ExtractFilesFromPackage(vps_win32-86d.vpx) returned 0x00000000
10:32:03 min/pkg vps: OpenPackage(C:\Programme\Alwil Software\Avast5\Setup\vps_32-859.vpx) returned 0x00000000, files: 44
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\whitelist.db (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\whitelist.db
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_dex.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_dex.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_dyna.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_dyna.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_el.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_el.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_elf.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_elf.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_elfa.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_elfa.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_evope.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_evope.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_java.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_java.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_js.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_js.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx4.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx4.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx95.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx95.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_o7.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_o7.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_ob2.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_ob2.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_pe2.dat (2)
10:32:06 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_pe2.dat
10:32:06 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_pe3.dat (2)
10:32:06 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_pe3.dat
10:32:06 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_swf.dat (2)
10:32:06 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_swf.dat
10:32:06 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_tx.dat (2)
10:32:06 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_tx.dat
10:32:06 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_u.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_u.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_w6.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_w6.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_wh2.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_wh2.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\sc_dst.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\sc_dst.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\sc_src.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\sc_src.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\algo.dll (4)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\algo.dll
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\def.ini (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\def.ini
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\certs.map (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\certs.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_dex.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_dex.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_dyna.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_dyna.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_elf.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_elf.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_elfa.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_elfa.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_java.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_java.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_js.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_js.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx4.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx4.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx95.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx95.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_o7.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_o7.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_swf.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_swf.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_w6.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_w6.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_xtn.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_xtn.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\list_i.txt (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\list_i.txt
10:32:07 min/pkg vps: preparePool C:\Programme\Alwil Software\Avast5\defs\12071700\l_idx.map, ok
10:32:07 min/pkg vps: preparePool C:\Programme\Alwil Software\Avast5\defs\12071700\s_idx.map, ok
10:32:07 min/pkg vps: preparePool C:\Programme\Alwil Software\Avast5\defs\12071700\sl_idx.map, ok
10:32:09 min/pkg vps: Create file C:\Programme\Alwil Software\Avast5\defs\12071700\lshe3.map, ok
10:32:09 min/pkg vps: Create file C:\Programme\Alwil Software\Avast5\defs\12071700\acshort.map, ok
10:32:09 min/pkg vps: event 0x0004002A set
10:32:09 min/sys GUI DLL not loaded but "installOffer" function executed.
10:32:09 vrb/gen Offer installed, 0x00000002
10:32:11 nrm/pkg Transferred: files 0, bytes 0, time 0 ms
10:32:11 nrm/pkg Retries: total 0, files 0, servers 0
10:32:11 vrb/fil NeedReboot=false
10:32:11 min/gen Return code: 0x20000000 [Something done]
10:32:11 min/gen Stopped: 17.07.2012, 10:32:11

11:44:39 min/gen Started: 17.07.2012, 11:44:39
11:44:39 vrb/gen Operation set to INST_OP_UNKNOWN
11:44:39 min/gen Old version: 5b0 (1456)
11:44:40 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
11:44:40 min/gen Running SETUP_AIS-5b0 (1456)
11:44:40 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
11:44:40 nrm/sys Memory: 41% load. Phys:1230628/2095532K free, Page:3387904/4032888K free, Virt:2050648/2097024K free
11:44:40 vrb/sys Computer WinName: PALME
11:44:40 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
11:44:40 min/gen Cmdline: /checkupdate /verysilent
11:44:40 vrb/gen DldSrc set to inet
11:44:40 vrb/gen Operation set to INST_OP_CHECK_UPDATE
11:44:40 min/gen Old version: 5b0 (1456)
11:44:40 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
11:44:40 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a03508 (43613M free)
11:44:40 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
11:44:40 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
11:44:40 vrb/sys Computer DnsName: Palme
11:44:40 vrb/sys Computer Ip Addr: 192.168.178.20
11:44:40 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43613M free)
11:44:40 vrb/gen LoadState: Edition=1
11:44:41 nrm/int SYNCER: Type: use IE settings
11:44:41 nrm/int SYNCER: Auth: another authentication, use WinInet
11:44:41 vrb/pkg Part prg_ais-5b0 is installed
11:44:41 vrb/pkg Part vps_win32-12071700 is installed
11:44:41 vrb/pkg Part setup_ais-5b0 is installed
11:44:41 vrb/pkg Part jrog-a7 is installed
11:44:41 vrb/pkg Part jrog2-559 is installed
11:44:41 min/gen Old version: 5b0 (1456)
11:45:13 vrb/fil SetExistingFilesBitmap: 1095->373->368
11:45:13 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
11:45:13 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
11:45:13 nrm/gen SelectCurrent: selected server 'Download324 AVAST5 Server' from 'main'
11:45:13 nrm/int SYNCER: Type: use IE settings
11:45:13 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:13 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:13 nrm/gen InvalidateCurrent: invalidated server 'Download324 AVAST5 Server' from 'main'
11:45:13 nrm/gen SelectCurrent: selected server 'Download328 AVAST5 Server' from 'main'
11:45:13 nrm/int SYNCER: Type: use IE settings
11:45:13 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:13 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:13 nrm/gen InvalidateCurrent: invalidated server 'Download328 AVAST5 Server' from 'main'
11:45:13 nrm/gen SelectCurrent: selected server 'Download339 AVAST5 Server' from 'main'
11:45:13 nrm/int SYNCER: Type: use IE settings
11:45:13 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:16 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:16 nrm/gen InvalidateCurrent: invalidated server 'Download339 AVAST5 Server' from 'main'
11:45:16 nrm/gen SelectCurrent: selected server 'Download718 AVAST5 Server' from 'main'
11:45:16 nrm/int SYNCER: Type: use IE settings
11:45:16 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:18 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:18 nrm/gen InvalidateCurrent: invalidated server 'Download718 AVAST5 Server' from 'main'
11:45:18 nrm/gen SelectCurrent: selected server 'Download981 AVAST5 Server' from 'main'
11:45:18 nrm/int SYNCER: Type: use IE settings
11:45:18 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:20 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:20 nrm/gen InvalidateCurrent: invalidated server 'Download981 AVAST5 Server' from 'main'
11:45:20 nrm/gen SelectCurrent: selected server 'Download320 AVAST5 Server' from 'main'
11:45:20 nrm/int SYNCER: Type: use IE settings
11:45:20 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:22 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:22 nrm/gen InvalidateCurrent: invalidated server 'Download320 AVAST5 Server' from 'main'
11:45:22 nrm/gen SelectCurrent: selected server 'Download376 AVAST5 Server' from 'main'
11:45:22 nrm/int SYNCER: Type: use IE settings
11:45:22 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:24 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:24 nrm/gen InvalidateCurrent: invalidated server 'Download376 AVAST5 Server' from 'main'
11:45:24 nrm/gen SelectCurrent: selected server 'Download336 AVAST5 Server' from 'main'
11:45:24 nrm/int SYNCER: Type: use IE settings
11:45:24 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:26 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:26 nrm/gen InvalidateCurrent: invalidated server 'Download336 AVAST5 Server' from 'main'
11:45:26 nrm/gen SelectCurrent: selected server 'Download379 AVAST5 Server' from 'main'
11:45:26 nrm/int SYNCER: Type: use IE settings
11:45:26 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:28 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:28 nrm/gen InvalidateCurrent: invalidated server 'Download379 AVAST5 Server' from 'main'
11:45:28 nrm/gen SelectCurrent: selected server 'Download119 AVAST5 Server' from 'main'
11:45:28 nrm/int SYNCER: Type: use IE settings
11:45:28 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:30 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:30 nrm/gen InvalidateCurrent: invalidated server 'Download119 AVAST5 Server' from 'main'
11:45:30 nrm/gen SelectCurrent: selected server 'Download368 AVAST5 Server' from 'main'
11:45:30 nrm/int SYNCER: Type: use IE settings
11:45:30 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:32 min/int tried 10 servers to get file 'servers.def.vpx', but failed (0x20000004)
11:45:32 min/fil servers.def.vpx not changed, 1342165328
11:45:32 min/pkg Download servers.def, servers.def.vpx failed with error 0x20000004.
11:45:32 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EFD (12029)
11:45:32 nrm/gen InvalidateCurrent: invalidated server 'Download368 AVAST5 Server' from 'main'
11:45:32 nrm/gen SelectCurrent: selected server 'Download970 AVAST5 Server' from 'main'
11:45:32 nrm/int SYNCER: Type: use IE settings
11:45:32 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:32 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:32 nrm/gen InvalidateCurrent: invalidated server 'Download970 AVAST5 Server' from 'main'
11:45:32 nrm/gen SelectCurrent: selected server 'Download955 AVAST5 Server' from 'main'
11:45:32 nrm/int SYNCER: Type: use IE settings
11:45:32 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:34 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:34 nrm/gen InvalidateCurrent: invalidated server 'Download955 AVAST5 Server' from 'main'
11:45:34 nrm/gen SelectCurrent: selected server 'Download341 AVAST5 Server' from 'main'
11:45:34 nrm/int SYNCER: Type: use IE settings
11:45:34 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:36 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EFD (12029)
11:45:36 nrm/gen InvalidateCurrent: invalidated server 'Download341 AVAST5 Server' from 'main'
11:45:36 nrm/gen SelectCurrent: selected server 'Download366 AVAST5 Server' from 'main'
11:45:36 nrm/int SYNCER: Type: use IE settings
11:45:36 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:39 nrm/int Used server: hxxp://download366.avast.com/iavs5x
11:45:39 min/fil GetFileWithRetry: servers.def downloaded .
11:45:39 min/fil servers.def not changed, 1342165328
11:45:39 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
11:45:39 nrm/gen SelectCurrent: selected server 'Download772 AVAST5 Server' from 'main'
11:45:39 nrm/int SYNCER: Type: use IE settings
11:45:39 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:39 nrm/int Used server: hxxp://download772.avast.com/iavs5x
11:45:39 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
11:45:39 min/fil prod-ais.vpx not changed, 1342513013
11:45:39 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
11:45:39 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
11:45:39 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
11:45:39 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
11:45:39 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\Version=7.0
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=7.0
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1456
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programme\Alwil Software\Avast5
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
11:45:40 nrm/pkg Transferred: files 16, bytes 0, time 1862 ms
11:45:40 nrm/pkg Retries: total 14, files 2, servers 16
11:45:40 vrb/fil NeedReboot=false
11:45:40 min/gen Return code: 0x20000001 [Nothing done]
11:45:40 min/gen Stopped: 17.07.2012, 11:45:40

13:45:14 min/gen Started: 17.07.2012, 13:45:14
13:45:14 vrb/gen Operation set to INST_OP_UNKNOWN
13:45:14 min/gen Old version: 5b0 (1456)
13:45:14 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
13:45:14 min/gen Running SETUP_AIS-5b0 (1456)
13:45:14 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
13:45:14 nrm/sys Memory: 34% load. Phys:1364232/2095532K free, Page:3524256/4032888K free, Virt:2050648/2097024K free
13:45:14 vrb/sys Computer WinName: PALME
13:45:14 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
13:45:19 min/gen Cmdline: /checkupdate /verysilent
13:45:19 vrb/gen DldSrc set to inet
13:45:19 vrb/gen Operation set to INST_OP_CHECK_UPDATE
13:45:19 min/gen Old version: 5b0 (1456)
13:45:19 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
13:45:19 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a02468 (43613M free)
13:45:19 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
13:45:19 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
13:45:22 vrb/sys Computer DnsName: Palme
13:45:22 vrb/sys Computer Ip Addr: 192.168.178.20
13:45:22 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43613M free)
13:45:22 vrb/gen LoadState: Edition=1
13:45:22 nrm/int SYNCER: Type: use IE settings
13:45:22 nrm/int SYNCER: Auth: another authentication, use WinInet
13:45:23 vrb/pkg Part prg_ais-5b0 is installed
13:45:23 vrb/pkg Part vps_win32-12071700 is installed
13:45:23 vrb/pkg Part setup_ais-5b0 is installed
13:45:23 vrb/pkg Part jrog-a7 is installed
13:45:23 vrb/pkg Part jrog2-559 is installed
13:45:23 min/gen Old version: 5b0 (1456)
13:46:18 vrb/fil SetExistingFilesBitmap: 1095->373->368
13:46:18 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
13:46:18 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
13:46:18 nrm/gen SelectCurrent: selected server 'Download341 AVAST5 Server' from 'main'
13:46:18 nrm/int SYNCER: Type: use IE settings
13:46:18 nrm/int SYNCER: Auth: another authentication, use WinInet
13:46:19 nrm/int Used server: hxxp://82.192.95.91/iavs5x
13:46:19 min/fil GetFileWithRetry: servers.def.vpx downloaded .
13:46:19 min/fil servers.def.vpx not changed, 1342165328
13:46:19 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
13:46:19 nrm/gen SelectCurrent: selected server 'Download119 AVAST5 Server' from 'main'
13:46:19 nrm/int SYNCER: Type: use IE settings
13:46:19 nrm/int SYNCER: Auth: another authentication, use WinInet
13:46:20 nrm/int Used server: hxxp://download119.avast.com/iavs5x
13:46:20 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
13:46:20 min/fil prod-ais.vpx not changed, 1342513013
13:46:20 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
13:46:20 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
13:46:20 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
13:46:20 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
13:46:20 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\Version=7.0
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=7.0
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1456
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programme\Alwil Software\Avast5
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
13:46:22 nrm/pkg Transferred: files 2, bytes 0, time 1312 ms
13:46:22 nrm/pkg Retries: total 0, files 0, servers 2
13:46:22 vrb/fil NeedReboot=false
13:46:22 min/gen Return code: 0x20000001 [Nothing done]
13:46:22 min/gen Stopped: 17.07.2012, 13:46:22

17:47:50 min/gen Started: 17.07.2012, 17:47:50
17:47:50 vrb/gen Operation set to INST_OP_UNKNOWN
17:47:50 min/gen Old version: 5b0 (1456)
17:47:50 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
17:47:50 min/gen Running SETUP_AIS-5b0 (1456)
17:47:50 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
17:47:50 nrm/sys Memory: 69% load. Phys:630708/2095532K free, Page:2741040/4032888K free, Virt:2050648/2097024K free
17:47:50 vrb/sys Computer WinName: PALME
17:47:50 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
17:47:50 min/gen Cmdline: /checkupdate /verysilent
17:47:50 vrb/gen DldSrc set to inet
17:47:50 vrb/gen Operation set to INST_OP_CHECK_UPDATE
17:47:50 min/gen Old version: 5b0 (1456)
17:47:50 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
17:47:50 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a04012 (43514M free)
17:47:50 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
17:47:50 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
17:47:50 vrb/sys Computer DnsName: Palme
17:47:50 vrb/sys Computer Ip Addr: 192.168.178.20
17:47:50 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43514M free)
17:47:50 vrb/gen LoadState: Edition=1
17:47:50 nrm/int SYNCER: Type: use IE settings
17:47:50 nrm/int SYNCER: Auth: another authentication, use WinInet
17:47:50 vrb/pkg Part prg_ais-5b0 is installed
17:47:50 vrb/pkg Part vps_win32-12071700 is installed
17:47:50 vrb/pkg Part setup_ais-5b0 is installed
17:47:50 vrb/pkg Part jrog-a7 is installed
17:47:50 vrb/pkg Part jrog2-559 is installed
17:47:50 min/gen Old version: 5b0 (1456)
17:47:54 vrb/fil SetExistingFilesBitmap: 1095->373->368
17:47:54 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
17:47:55 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
17:47:55 nrm/gen SelectCurrent: selected server 'Download120 AVAST5 Server' from 'main'
17:47:55 nrm/int SYNCER: Type: use IE settings
17:47:55 nrm/int SYNCER: Auth: another authentication, use WinInet
17:47:55 nrm/int Used server: hxxp://77.234.43.39/iavs5x
17:47:55 min/fil GetFileWithRetry: servers.def.vpx downloaded .
17:47:55 min/fil servers.def.vpx not changed, 1342165328
17:47:55 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
17:47:56 nrm/gen SelectCurrent: selected server 'Download317 AVAST5 Server' from 'main'
17:47:56 nrm/int SYNCER: Type: use IE settings
17:47:56 nrm/int SYNCER: Auth: another authentication, use WinInet
17:47:56 nrm/int Used server: hxxp://download317.avast.com/iavs5x
17:47:56 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
17:47:56 min/fil prod-ais.vpx not changed, 1342513013
17:47:56 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
17:47:56 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
17:47:56 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
17:47:56 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
17:47:56 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\Version=7.0
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=7.0
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1456
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programme\Alwil Software\Avast5
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
17:47:56 nrm/pkg Transferred: files 2, bytes 0, time 1265 ms
17:47:56 nrm/pkg Retries: total 0, files 0, servers 2
17:47:56 vrb/fil NeedReboot=false
17:47:56 min/gen Return code: 0x20000001 [Nothing done]
17:47:56 min/gen Stopped: 17.07.2012, 17:47:56

Zitat:

aswAr1.log avast! Antirootkit, version 1.0 [Quick]
Scan started: Dienstag, 17. Juli 2012 14:30:29

Process [0]
Process [4]
Process C:\WINDOWS\system32\smss.exe [600]
Process C:\WINDOWS\system32\csrss.exe [1016]
Process C:\WINDOWS\system32\winlogon.exe [1120]
Process C:\WINDOWS\system32\services.exe [1180]
Process C:\WINDOWS\system32\lsass.exe [1200]
Process C:\WINDOWS\system32\ati2evxx.exe [1380]
Process C:\WINDOWS\system32\svchost.exe [1400]
Process C:\WINDOWS\system32\svchost.exe [1472]
Process C:\WINDOWS\system32\svchost.exe [1520]
Process C:\Programme\Alwil Software\Avast5\AvastSvc.exe [1860]
Process C:\WINDOWS\system32\ati2evxx.exe [1900]
Process C:\WINDOWS\system32\spoolsv.exe [1992]
Process C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe [308]
Process C:\Programme\SUPERAntiSpyware\SASCORE.EXE [360]
Process C:\WINDOWS\Explorer.exe [592]
Process C:\Programme\FolderSize\FolderSizeSvc.exe [940]
Process C:\WINDOWS\system32\svchost.exe [672]
Process C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [732]
Process C:\WINDOWS\system32\poweroff.exe [828]
Process C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [972]
Process C:\Programme\ThreatFire\TFTray.exe [1196]
Process C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVComS.exe [1572]
Process C:\Programme\Logitech\Gaming Software\LWEMon.exe [1880]
Process C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe [1924]
Process C:\Programme\Medion Info Display\MdionLCM.exe [1248]
Process C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [1952]
Process C:\WINDOWS\RTHDCPL.EXE [1964]
Process C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [1972]
Process C:\Programme\Microsoft IntelliPoint\ipoint.exe [2024]
Process C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [2044]
Process C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [1956]
Process C:\Programme\RocketDock\RocketDock.exe [236]
Process C:\Programme\Secunia\PSI\psi_tray.exe [1408]
Process C:\Programme\Secunia\PSI\psia.exe [1800]
Process C:\WINDOWS\system32\tcpsvcs.exe [2168]
Process C:\WINDOWS\system32\snmp.exe [2196]
Process C:\Programme\ThreatFire\TFService.exe [2212]
Process C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2436]
Process C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2816]
Process C:\WINDOWS\system32\wbem\wmiapsrv.exe [4068]
Process C:\WINDOWS\system32\alg.exe [2656]
Process C:\WINDOWS\ALCFDRTM.EXE [4048]
Process C:\Programme\Secunia\PSI\sua.exe [2412]
Process C:\Programme\Mozilla Firefox\firefox.exe [3228]
Process C:\Programme\Alwil Software\Avast5\AvastUI.exe [2908]
Process C:\WINDOWS\system32\svchost.exe [3368]
Process C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [1632]
Process C:\WINDOWS\notepad.exe [3216]
Disk 0 MBR
File C:\WINDOWS\$hf_mig$
File C:\WINDOWS\$hf_mig$\KB2229593...File C:\WINDOWS\WinSxS
....

\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_de_78e7f208
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_de_78e7f208\rtcres.dll
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
File C:\WINDOWS\wiso.ini
File C:\WINDOWS\WMPrfDeu.prx
File C:\WINDOWS\WMSysPr9.prx
File C:\WINDOWS\x2.64.exe
File C:\WINDOWS\zip.exe
File C:\WINDOWS\_default.pif
File C:\WINDOWS\_delis32.ini
Service !SASCORE [C:\Programme\SUPERAntiSpyware\SASCORE.EXE]
Service .NET CLR Data [???]
Service .NET CLR Networking [???]
Service .NET CLR Networking 4.0.0.0 [???]
Service .NET Data Provider for Oracle [???]
Service .NET Data Provider for SqlServer [???]
Service .NET Memory Cache 4.0 [???]
Service .NETFramework [???]
Service 3xHybrid [C:\WINDOWS\system32\DRIVERS\3xHybrid.sys]
Service 6to4 [C:\WINDOWS\System32\6to4svc.dll]
Service Aavmker4 [C:\WINDOWS\System32\Drivers\Aavmker4.sys]
Service Abiosdsk [C:\WINDOWS\System32\Drivers\Abiosdsk.sys]
Service abp480n5 [C:\WINDOWS\System32\Drivers\abp480n5.sys]
Service ACPI [C:\WINDOWS\system32\DRIVERS\ACPI.sys]
Service ACPIEC [C:\WINDOWS\System32\Drivers\ACPIEC.sys]
Service adpu160m [C:\WINDOWS\System32\Drivers\adpu160m.sys]
Service aec [C:\WINDOWS\system32\drivers\aec.sys]
Service AegisP [C:\WINDOWS\system32\DRIVERS\AegisP.sys]
Service AFD [C:\WINDOWS\System32\drivers\afd.sys]
Service AgereSoftModem [C:\WINDOWS\system32\DRIVERS\AGRSM.sys]
Service Aha154x [C:\WINDOWS\System32\Drivers\Aha154x.sys]
Service aic78u2 [C:\WINDOWS\System32\Drivers\aic78u2.sys]
Service aic78xx [C:\WINDOWS\System32\Drivers\aic78xx.sys]
Service Alerter [C:\WINDOWS\system32\alrsvc.dll]
Service ALG [C:\WINDOWS\System32\alg.exe]
Service AliIde [C:\WINDOWS\System32\Drivers\AliIde.sys]
Service Ambfilt [C:\WINDOWS\system32\drivers\Ambfilt.sys]
Service Amps2prt [C:\WINDOWS\system32\DRIVERS\Amps2prt.sys]
Service amsint [C:\WINDOWS\System32\Drivers\amsint.sys]
Service AppMgmt [C:\WINDOWS\System32\appmgmts.dll]
Service Arp1394 [C:\WINDOWS\system32\DRIVERS\arp1394.sys]
Service asc [C:\WINDOWS\System32\Drivers\asc.sys]
Service asc3350p [C:\WINDOWS\System32\Drivers\asc3350p.sys]
Service asc3550 [C:\WINDOWS\System32\Drivers\asc3550.sys]
Service ASP.NET [???]
Service ASP.NET_1.1.4322 [???]
Service ASP.NET_2.0.50727 [???]
Service ASP.NET_4.0.30319 [???]
Service aspnet_state [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe]
Service aswFsBlk [C:\WINDOWS\System32\Drivers\aswFsBlk.sys]
Service aswMon2 [C:\WINDOWS\System32\Drivers\aswMon2.sys]
Service aswRdr [C:\WINDOWS\System32\Drivers\aswRdr.sys]
Service aswSnx [C:\WINDOWS\System32\Drivers\aswSnx.sys]
Service aswSP [C:\WINDOWS\System32\Drivers\aswSP.sys]
Service aswTdi [C:\WINDOWS\System32\Drivers\aswTdi.sys]
Service AsyncMac [C:\WINDOWS\system32\DRIVERS\asyncmac.sys]
Service atapi [C:\WINDOWS\system32\DRIVERS\atapi.sys]
Service Atdisk [C:\WINDOWS\System32\Drivers\Atdisk.sys]
Service Ati HotKey Poller [C:\WINDOWS\system32\Ati2evxx.exe]
Service ati2mtag [C:\WINDOWS\system32\DRIVERS\ati2mtag.sys]
Service Atierecord [???]
Service AtiHDAudioService [C:\WINDOWS\system32\drivers\AtihdXP3.sys]
Service ATITool [C:\WINDOWS\system32\DRIVERS\ATITool.sys]
Service Atmarpc [C:\WINDOWS\system32\DRIVERS\atmarpc.sys]
Service ATSWPDRV [C:\WINDOWS\System32\Drivers\ATSwpDrv.sys]
Service AudioSrv [C:\WINDOWS\System32\audiosrv.dll]
Service audstub [C:\WINDOWS\system32\DRIVERS\audstub.sys]
Service avast! Antivirus [C:\Programme\Alwil Software\Avast5\AvastSvc.exe]
Service BattC [???]
Service Beep [C:\WINDOWS\System32\Drivers\Beep.sys]
Service BITS [C:\WINDOWS\system32\qmgr.dll]
Service Browser [C:\WINDOWS\System32\browser.dll]
Service Busmouse [???]
Service catchme [C:\DOKUME~1\Roman\LOKALE~1\Temp\catchme.sys]
Service cbidf2k [C:\WINDOWS\System32\Drivers\cbidf2k.sys]
Service CCDECODE [C:\WINDOWS\system32\DRIVERS\CCDECODE.sys]
Service cd20xrnt [C:\WINDOWS\System32\Drivers\cd20xrnt.sys]
Service Cdaudio [C:\WINDOWS\System32\Drivers\Cdaudio.sys]
Service Cdfs [C:\WINDOWS\System32\Drivers\Cdfs.sys]
Service Cdrom [C:\WINDOWS\system32\DRIVERS\cdrom.sys]
Service Changer [C:\WINDOWS\System32\Drivers\Changer.sys]
Service CiSvc [C:\WINDOWS\system32\cisvc.exe]
Service Class [???]
Service CLCapSvc [C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe]
Service ClipSrv [C:\WINDOWS\system32\clipsrv.exe]
Service clr_optimization_v2.0.50727_32 [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
Service clr_optimization_v4.0.30319_32 [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe]
Service CLSched [C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe]
Service CmdIde [C:\WINDOWS\System32\Drivers\CmdIde.sys]
Service CMISTOR [C:\WINDOWS\system32\DRIVERS\cmiucr.SYS]
Service COMSysApp [C:\WINDOWS\system32\dllhost.exe]
Service ContentFilter [???]
Service ContentIndex [???]
Service Cpqarray [C:\WINDOWS\System32\Drivers\Cpqarray.sys]
Service CryptSvc [C:\WINDOWS\System32\cryptsvc.dll]
Service CrystalSysInfo [C:\Programme\MediaCoder\SysInfo.sys]
Service CyberLink Media Library Service [C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe]
Service dac2w2k [C:\WINDOWS\System32\Drivers\dac2w2k.sys]
Service dac960nt [C:\WINDOWS\System32\Drivers\dac960nt.sys]
Service DcomLaunch [C:\WINDOWS\system32\svchost]
Service DgiVecp [C:\WINDOWS\system32\Drivers\DgiVecp.sys]
Service Dhcp [C:\WINDOWS\System32\dhcpcsvc.dll]
Service dhdxyi [C:\WINDOWS\System32\Drivers\dhdxyi.sys]
Service Disk [C:\WINDOWS\system32\DRIVERS\disk.sys]
Service dmadmin [C:\WINDOWS\System32\dmadmin.exe]
Service dmboot [C:\WINDOWS\System32\drivers\dmboot.sys]
Service dmio [C:\WINDOWS\System32\drivers\dmio.sys]
Service dmload [C:\WINDOWS\System32\drivers\dmload.sys]
Service dmserver [C:\WINDOWS\System32\dmserver.dll]
Service DMusic [C:\WINDOWS\system32\drivers\DMusic.sys]
Service Dnscache [C:\WINDOWS\System32\dnsrslvr.dll]
Service Dokan [C:\WINDOWS\system32\drivers\dokan.sys]
Service DokanMounter [C:\Programme\Dokan\DokanLibrary\mounter.exe]
Service dpti2o [C:\WINDOWS\System32\Drivers\dpti2o.sys]
Service DragonUpdater [C:\Programme\Comodo\Dragon\dragon_updater.exe]
Service drmkaud [C:\WINDOWS\system32\drivers\drmkaud.sys]
Service dsltestSp5 [C:\WINDOWS\System32\Drivers\dsltestSp5.sys]
Service ERSvc [C:\WINDOWS\System32\ersvc.dll]
Service Eventlog [C:\WINDOWS\system32\services.exe]
Service EventSystem [C:\WINDOWS\system32\es.dll]
Service Fastfat [C:\WINDOWS\System32\Drivers\Fastfat.sys]
Service FastUserSwitchingCompatibility [C:\WINDOWS\System32\shsvcs.dll]
Service Fdc [C:\WINDOWS\system32\DRIVERS\fdc.sys]
Service Fips [C:\WINDOWS\System32\Drivers\Fips.sys]
Service Flpydisk [C:\WINDOWS\System32\Drivers\Flpydisk.sys]
Service FltMgr [C:\WINDOWS\system32\DRIVERS\fltMgr.sys]
Service FolderSize [C:\Programme\FolderSize\FolderSizeSvc.exe]
Service FontCache3.0.0.0 [C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe]
Service FsUsbExDisk [C:\WINDOWS\system32\FsUsbExDisk.SYS]
Service FsUsbExService [C:\WINDOWS\system32\FsUsbExService.Exe]
Service Fs_Rec [C:\WINDOWS\System32\Drivers\Fs_Rec.sys]
Service Ftdisk [C:\WINDOWS\system32\DRIVERS\ftdisk.sys]
Service GEARAspiWDM [C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys]
Service giveio [C:\WINDOWS\system32\giveio.sys]
Service Gpc [C:\WINDOWS\system32\DRIVERS\msgpc.sys]
Service HDAudBus [C:\WINDOWS\system32\DRIVERS\HDAudBus.sys]
Service HDPrfDrv [C:\WINDOWS\system32\HDPrfDrv-1.sys]
Service helpsvc [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll]
Service HidServ [C:\WINDOWS\System32\hidserv.dll]
Service HidUsb [C:\WINDOWS\system32\DRIVERS\hidusb.sys]
Service hpn [C:\WINDOWS\System32\Drivers\hpn.sys]
Service HTTP [C:\WINDOWS\System32\Drivers\HTTP.sys]
Service HTTPFilter [C:\WINDOWS\System32\w3ssl.dll]
Service i2omgmt [C:\WINDOWS\System32\Drivers\i2omgmt.sys]
Service i2omp [C:\WINDOWS\System32\Drivers\i2omp.sys]
Service i8042prt [C:\WINDOWS\system32\DRIVERS\i8042prt.sys]
Service ICSharing [???]
Service idsvc [C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe]
Service Imapi [C:\WINDOWS\system32\DRIVERS\imapi.sys]
Service ImapiService [C:\WINDOWS\system32\imapi.exe]
Service inetaccs [???]
Service ini910u [C:\WINDOWS\System32\Drivers\ini910u.sys]
Service Inport [???]
Service IntcAzAudAddService [C:\WINDOWS\system32\drivers\RtkHDAud.sys]
Service IntelIde [C:\WINDOWS\System32\Drivers\IntelIde.sys]
Service intelppm [C:\WINDOWS\system32\DRIVERS\intelppm.sys]
Service Ip6Fw [C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys]
Service IpFilterDriver [C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys]
Service IpInIp [C:\WINDOWS\system32\DRIVERS\ipinip.sys]
Service IpNat [C:\WINDOWS\system32\DRIVERS\ipnat.sys]
Service Iprip [C:\WINDOWS\System32\iprip.dll]
Service IPSec [C:\WINDOWS\system32\DRIVERS\ipsec.sys]
Service IRENUM [C:\WINDOWS\system32\DRIVERS\irenum.sys]
Service ISAPISearch [???]
Service isapnp [C:\WINDOWS\system32\DRIVERS\isapnp.sys]
Service JavaQuickStarterService [C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe]
Service Kbdclass [C:\WINDOWS\system32\DRIVERS\kbdclass.sys]
Service kbdhid [C:\WINDOWS\system32\DRIVERS\kbdhid.sys]
Service kmixer [C:\WINDOWS\system32\drivers\kmixer.sys]
Service KSecDD [C:\WINDOWS\System32\Drivers\KSecDD.sys]
Service lanmanserver [C:\WINDOWS\System32\srvsvc.dll]
Service lanmanworkstation [C:\WINDOWS\System32\wkssvc.dll]
Service lbrtfdc [C:\WINDOWS\System32\Drivers\lbrtfdc.sys]
Service ldap [???]
Service LicenseService [???]
Service LightScribeService [C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe]
Service LmHosts [C:\WINDOWS\System32\lmhsvc.dll]
Service MBAMSwissArmy [C:\WINDOWS\system32\drivers\mbamswissarmy.sys]
Service mbmiodrvr [C:\WINDOWS\system32\mbmiodrvr.sys]
Service Messenger [C:\WINDOWS\System32\msgsvc.dll]
Service mnmdd [C:\WINDOWS\System32\Drivers\mnmdd.sys]
Service mnmsrvc [C:\WINDOWS\system32\mnmsrvc.exe]
Service Modem [C:\WINDOWS\System32\Drivers\Modem.sys]
Service Monfilt [C:\WINDOWS\system32\drivers\Monfilt.sys]
Service Mouclass [C:\WINDOWS\system32\DRIVERS\mouclass.sys]
Service mouhid [C:\WINDOWS\system32\DRIVERS\mouhid.sys]
Service MountMgr [C:\WINDOWS\System32\Drivers\MountMgr.sys]
Service MozillaMaintenance [C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe]
Service MPE [C:\WINDOWS\system32\DRIVERS\MPE.sys]
Service mraid35x [C:\WINDOWS\System32\Drivers\mraid35x.sys]
Service MRxDAV [C:\WINDOWS\system32\DRIVERS\mrxdav.sys]
Service MRxSmb [C:\WINDOWS\system32\DRIVERS\mrxsmb.sys]
Service MSDTC [C:\WINDOWS\system32\msdtc.exe]
Service MSDTC Bridge 3.0.0.0 [???]
Service MSDTC Bridge 4.0.0.0 [???]
Service Msfs [C:\WINDOWS\System32\Drivers\Msfs.sys]
Service MSIServer [C:\WINDOWS\system32\msiexec.exe]
Service MSKSSRV [C:\WINDOWS\system32\drivers\MSKSSRV.sys]
Service MSPCLOCK [C:\WINDOWS\system32\drivers\MSPCLOCK.sys]
Service MSPQM [C:\WINDOWS\system32\drivers\MSPQM.sys]
Service mssmbios [C:\WINDOWS\system32\DRIVERS\mssmbios.sys]
Service MSTEE [C:\WINDOWS\system32\drivers\MSTEE.sys]
Service Mup [C:\WINDOWS\System32\Drivers\Mup.sys]
Service MxlW2k [C:\WINDOWS\System32\Drivers\MxlW2k.sys]
Service NABTSFEC [C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys]
Service NDIS [C:\WINDOWS\System32\Drivers\NDIS.sys]
Service NdisIP [C:\WINDOWS\system32\DRIVERS\NdisIP.sys]
Service NdisTapi [C:\WINDOWS\system32\DRIVERS\ndistapi.sys]
Service Ndisuio [C:\WINDOWS\system32\DRIVERS\ndisuio.sys]
Service NdisWan [C:\WINDOWS\system32\DRIVERS\ndiswan.sys]
Service NDProxy [C:\WINDOWS\System32\Drivers\NDProxy.sys]
Service NetBIOS [C:\WINDOWS\system32\DRIVERS\netbios.sys]
Service NetBT [C:\WINDOWS\system32\DRIVERS\netbt.sys]
Service NetDDE [C:\WINDOWS\system32\netdde.exe]
Service NetDDEdsdm [C:\WINDOWS\system32\netdde.exe]
Service Netlogon [C:\WINDOWS\system32\lsass.exe]
Service Netman [C:\WINDOWS\System32\netman.dll]
Service NetTcpPortSharing [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe]
Service NIC1394 [C:\WINDOWS\system32\DRIVERS\nic1394.sys]
Service Nla [C:\WINDOWS\System32\mswsock.dll]
Service nm [C:\WINDOWS\system32\DRIVERS\NMnt.sys]
Service Npfs [C:\WINDOWS\System32\Drivers\Npfs.sys]
Service NPPTNT2 [C:\WINDOWS\system32\npptNT2.sys]
Service Ntfs [C:\WINDOWS\System32\Drivers\Ntfs.sys]
Service NtLmSsp [C:\WINDOWS\system32\lsass.exe]
Service NtmsSvc [C:\WINDOWS\system32\ntmssvc.dll]
Service Null [C:\WINDOWS\System32\Drivers\Null.sys]
Service nv [C:\WINDOWS\system32\DRIVERS\nv4_mini.sys]
Service NVR0Dev [C:\WINDOWS\nvoclock.sys]
Service NVStrap [???]
Service NwlnkFlt [C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys]
Service NwlnkFwd [C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys]
Service ohci1394 [C:\WINDOWS\system32\DRIVERS\ohci1394.sys]
Service omniserv [C:\Programme\Softex\OmniPass\Omniserv.exe]
Service p2pgasvc [C:\WINDOWS\system32\p2pgasvc.dll]
Service p2pimsvc [C:\WINDOWS\system32\p2psvc.dll]
Service p2psvc [C:\WINDOWS\system32\p2psvc.dll]
Service P3 [???]
Service PageDefrag [???]
Service Parport [C:\WINDOWS\system32\DRIVERS\parport.sys]
Service PartMgr [C:\WINDOWS\System32\Drivers\PartMgr.sys]
Service ParVdm [C:\WINDOWS\System32\Drivers\ParVdm.sys]
Service PCI [C:\WINDOWS\system32\DRIVERS\pci.sys]
Service PCIDump [C:\WINDOWS\System32\Drivers\PCIDump.sys]
Service PCIIde [C:\WINDOWS\system32\DRIVERS\pciide.sys]
Service Pcmcia [C:\WINDOWS\System32\Drivers\Pcmcia.sys]
Service PDCOMP [C:\WINDOWS\System32\Drivers\PDCOMP.sys]
Service PDFRAME [C:\WINDOWS\System32\Drivers\PDFRAME.sys]
Service PDRELI [C:\WINDOWS\System32\Drivers\PDRELI.sys]
Service PDRFRAME [C:\WINDOWS\System32\Drivers\PDRFRAME.sys]
Service perc2 [C:\WINDOWS\System32\Drivers\perc2.sys]
Service perc2hib [C:\WINDOWS\System32\Drivers\perc2hib.sys]
Service PerfDisk [???]
Service PerfNet [???]
Service PerfOS [???]
Service PerfProc [???]
Service PlugPlay [C:\WINDOWS\system32\services.exe]
Service PNRPSvc [C:\WINDOWS\system32\p2psvc.dll]
Service Point32 [C:\WINDOWS\system32\DRIVERS\point32.sys]
Service PolicyAgent [C:\WINDOWS\system32\lsass.exe]
Service PortProxy [???]
Service PortTalk [C:\WINDOWS\system32\Drivers\PtbTalk.sys]
Service Poweroff [C:\WINDOWS\system32\poweroff.exe]
Service PptpMiniport [C:\WINDOWS\system32\DRIVERS\raspptp.sys]
Service prodrv06 [C:\WINDOWS\System32\drivers\prodrv06.sys]
Service prohlp02 [C:\WINDOWS\System32\drivers\prohlp02.sys]
Service prosync1 [C:\WINDOWS\System32\drivers\prosync1.sys]
Service ProtectedStorage [C:\WINDOWS\system32\lsass.exe]
Service PSched [C:\WINDOWS\system32\DRIVERS\psched.sys]
Service PSI [C:\WINDOWS\system32\DRIVERS\psi_mf.sys]
Service Ptilink [C:\WINDOWS\system32\DRIVERS\ptilink.sys]
Service PxHelp20 [C:\WINDOWS\System32\Drivers\PxHelp20.sys]
Service QCPro [C:\WINDOWS\system32\DRIVERS\p35u.sys]
Service ql1080 [C:\WINDOWS\System32\Drivers\ql1080.sys]
Service Ql10wnt [C:\WINDOWS\System32\Drivers\Ql10wnt.sys]
Service ql12160 [C:\WINDOWS\System32\Drivers\ql12160.sys]
Service ql1240 [C:\WINDOWS\System32\Drivers\ql1240.sys]
Service ql1280 [C:\WINDOWS\System32\Drivers\ql1280.sys]
Service RasAcd [C:\WINDOWS\system32\DRIVERS\rasacd.sys]
Service RasAuto [C:\WINDOWS\System32\rasauto.dll]
Service Rasl2tp [C:\WINDOWS\system32\DRIVERS\rasl2tp.sys]
Service RasMan [C:\WINDOWS\System32\rasmans.dll]
Service RasPppoe [C:\WINDOWS\system32\DRIVERS\raspppoe.sys]
Service Raspti [C:\WINDOWS\system32\DRIVERS\raspti.sys]
Service Rdbss [C:\WINDOWS\system32\DRIVERS\rdbss.sys]
Service RDPCDD [C:\WINDOWS\System32\DRIVERS\RDPCDD.sys]
Service RDPDD [???]
Service RDPNP [???]
Service RDPWD [C:\WINDOWS\System32\Drivers\RDPWD.sys]
Service Rdr [???]
Service RDSessMgr [C:\WINDOWS\system32\sessmgr.exe]
Service redbook [C:\WINDOWS\system32\DRIVERS\redbook.sys]
Service RemoteAccess [C:\WINDOWS\System32\mprdim.dll]
Service RemoteRegistry [???]
Service RichVideo [C:\Programme\CyberLink\Shared Files\RichVideo.exe]
Service RpcLocator [C:\WINDOWS\system32\locator.exe]
Service RpcSs [C:\WINDOWS\system32\svchost]
Service rseb [C:\WINDOWS\System32\Drivers\rseb.sys]
Service RSVP [C:\WINDOWS\system32\rsvp.exe]
Service RT2500USB [C:\WINDOWS\system32\DRIVERS\rt2500usb.sys]
Service rtl8139 [C:\WINDOWS\system32\DRIVERS\RTL8139.SYS]
Service SamSs [C:\WINDOWS\system32\lsass.exe]
Service SASDIFSV [C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS]
Service SASKUTIL [C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS]
Service SCardDrv [???]
Service SCardSvr [C:\WINDOWS\System32\SCardSvr.exe]
Service Schedule [C:\WINDOWS\system32\schedsvc.dll]
Service ScsiPort [???]
Service SDScannerService [C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe]
Service SDUpdateService [C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Service Secdrv [C:\WINDOWS\system32\DRIVERS\secdrv.sys]
Service seclogon [C:\WINDOWS\System32\seclogon.dll]
Service Secunia PSI Agent [C:\Programme\Secunia\PSI\PSIA.exe]
Service Secunia Update Agent [C:\Programme\Secunia\PSI\sua.exe]
Service SENS [C:\WINDOWS\system32\sens.dll]
Service serenum [C:\WINDOWS\system32\DRIVERS\serenum.sys]
Service Serial [C:\WINDOWS\system32\DRIVERS\serial.sys]
Service sermouse [C:\WINDOWS\system32\DRIVERS\sermouse.sys]
Service ServiceModelEndpoint 3.0.0.0 [???]
Service ServiceModelEndpoint 4.0.0.0 [???]
Service ServiceModelOperation 3.0.0.0 [???]
Service ServiceModelOperation 4.0.0.0 [???]
Service ServiceModelService 3.0.0.0 [???]
Service ServiceModelService 4.0.0.0 [???]
Service sfdrv01a [C:\WINDOWS\System32\drivers\sfdrv01a.sys]
Service sfhlp01 [C:\WINDOWS\System32\drivers\sfhlp01.sys]
Service sfhlp02 [C:\WINDOWS\System32\drivers\sfhlp02.sys]
Service Sfloppy [C:\WINDOWS\System32\Drivers\Sfloppy.sys]
Service sfsync04 [C:\WINDOWS\System32\drivers\sfsync04.sys]
Service sfvfs02 [C:\WINDOWS\System32\drivers\sfvfs02.sys]
Service SharedAccess [C:\WINDOWS\System32\ipnathlp.dll]
Service ShellHWDetection [C:\WINDOWS\System32\shsvcs.dll]
Service Simbad [C:\WINDOWS\System32\Drivers\Simbad.sys]
Service SimpTcp [C:\WINDOWS\system32\tcpsvcs.exe]
Service SLIP [C:\WINDOWS\system32\DRIVERS\SLIP.sys]
Service SMSvcHost 3.0.0.0 [???]
Service SMSvcHost 4.0.0.0 [???]
Service SNMP [C:\WINDOWS\System32\snmp.exe]
Service SNMPTRAP [C:\WINDOWS\System32\snmptrap.exe]
Service Sparrow [C:\WINDOWS\System32\Drivers\Sparrow.sys]
Service splitter [C:\WINDOWS\system32\drivers\splitter.sys]
Service Spooler [C:\WINDOWS\system32\spoolsv.exe]
Service sptd [C:\WINDOWS\System32\Drivers\sptd.sys]
Service sr [C:\WINDOWS\system32\DRIVERS\sr.sys]
Service srservice [C:\WINDOWS\system32\srsvc.dll]
Service Srv [C:\WINDOWS\system32\DRIVERS\srv.sys]
Service SSDPSRV [C:\WINDOWS\System32\ssdpsrv.dll]
Service SSPORT [C:\WINDOWS\system32\Drivers\SSPORT.sys]
Service ss_bbus [C:\WINDOWS\system32\DRIVERS\ss_bbus.sys]
Service ss_bmdfl [C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys]
Service ss_bmdm [C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys]
Service StarOpen [C:\WINDOWS\System32\Drivers\StarOpen.sys]
Service stisvc [C:\WINDOWS\system32\wiaservc.dll]
Service streamip [C:\WINDOWS\system32\DRIVERS\StreamIP.sys]
Service swenum [C:\WINDOWS\system32\DRIVERS\swenum.sys]
Service swmidi [C:\WINDOWS\system32\drivers\swmidi.sys]
Service SwPrv [C:\WINDOWS\system32\dllhost.exe]
Service swwd [???]
Service symc810 [C:\WINDOWS\System32\Drivers\symc810.sys]
Service symc8xx [C:\WINDOWS\System32\Drivers\symc8xx.sys]
Service sym_hi [C:\WINDOWS\System32\Drivers\sym_hi.sys]
Service sym_u3 [C:\WINDOWS\System32\Drivers\sym_u3.sys]
Service sysaudio [C:\WINDOWS\system32\drivers\sysaudio.sys]
Service SysmonLog [C:\WINDOWS\system32\smlogsvc.exe]
Service TapiSrv [C:\WINDOWS\System32\tapisrv.dll]
Service tbhsd [C:\WINDOWS\system32\drivers\tbhsd.sys]
Service Tcpip [C:\WINDOWS\system32\DRIVERS\tcpip.sys]
Service Tcpip6 [C:\WINDOWS\system32\DRIVERS\tcpip6.sys]
Service TDPIPE [C:\WINDOWS\System32\Drivers\TDPIPE.sys]
Service TDTCP [C:\WINDOWS\System32\Drivers\TDTCP.sys]
Service TermDD [C:\WINDOWS\system32\DRIVERS\termdd.sys]
Service TermService [C:\WINDOWS\System32\svchost]
Service TfFsMon [C:\WINDOWS\system32\drivers\TfFsMon.sys]
Service TfNetMon [C:\WINDOWS\system32\drivers\TfNetMon.sys]
Service TfSysMon [C:\WINDOWS\system32\drivers\TfSysMon.sys]
Service Themes [C:\WINDOWS\System32\shsvcs.dll]
Service ThreatFire [C:\Programme\ThreatFire\TFService.exe]
Service TlntSvr [???]
Service TosIde [C:\WINDOWS\System32\Drivers\TosIde.sys]
Service TrkWks [C:\WINDOWS\system32\trkwks.dll]
Service TSDDD [???]
Service TuneUp.UtilitiesSvc [C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe]
Service TuneUpUtilitiesDrv [C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys]
Service tunmp [C:\WINDOWS\system32\DRIVERS\tunmp.sys]
Service Udfs [C:\WINDOWS\System32\Drivers\Udfs.sys]
Service ultra [C:\WINDOWS\System32\Drivers\ultra.sys]
Service UMWdf [C:\WINDOWS\system32\wdfmgr.exe]
Service Update [C:\WINDOWS\system32\DRIVERS\update.sys]
Service uploadmgr [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll]
Service upnphost [C:\WINDOWS\System32\upnphost.dll]
Service UPS [C:\WINDOWS\System32\ups.exe]
Service usb [???]
Service usbccgp [C:\WINDOWS\system32\DRIVERS\usbccgp.sys]
Service usbehci [C:\WINDOWS\system32\DRIVERS\usbehci.sys]
Service usbhub [C:\WINDOWS\system32\DRIVERS\usbhub.sys]
Service usbprint [C:\WINDOWS\system32\DRIVERS\usbprint.sys]
Service usbscan [C:\WINDOWS\system32\DRIVERS\usbscan.sys]
Service usbser [???]
Service usbstor [C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS]
Service usbuhci [C:\WINDOWS\system32\DRIVERS\usbuhci.sys]
Service usprserv [C:\WINDOWS\System32\svchost.exe]
Service UxTuneUp [C:\WINDOWS\System32\uxtuneup.dll]
Service VgaSave [C:\WINDOWS\System32\drivers\vga.sys]
Service ViaIde [C:\WINDOWS\System32\Drivers\ViaIde.sys]
Service VMnetAdapter [C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys]
Service VolSnap [C:\WINDOWS\System32\Drivers\VolSnap.sys]
Service vsdatant [C:\WINDOWS\System32\vsdatant.sys]
Service VSS [C:\WINDOWS\System32\vssvc.exe]
Service VxD [???]
Service W32Time [C:\WINDOWS\system32\w32time.dll]
Service W3SVC [???]
Service Wanarp [C:\WINDOWS\system32\DRIVERS\wanarp.sys]
Service wanatw [C:\WINDOWS\system32\DRIVERS\wanatw4.sys]
Service WDICA [C:\WINDOWS\System32\Drivers\WDICA.sys]
Service wdmaud [C:\WINDOWS\system32\drivers\wdmaud.sys]
Service WDMCAPI [C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys]
Service WDMWANMP [C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys]
Service WebClient [C:\WINDOWS\System32\webclnt.dll]
Service Windows Workflow Foundation 3.0.0.0 [???]
Service Windows Workflow Foundation 4.0.0.0 [???]
Service Windows7FirewallControl [C:\Programme\Windows7FirewallControl\Windows7FirewallControl.sys]
Service Windows7FirewallService [C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe]
Service winmgmt [C:\WINDOWS\system32\wbem\WMIsvc.dll]
Service WinRing0_1_2_0 [C:\WINDOWS\system32\Drivers\ptbring0.sys]
Service Winsock [C:\WINDOWS\System32\Drivers\Winsock.sys]
Service WinSock2 [???]
Service WinTrust [???]
Service WmBEnum [C:\WINDOWS\system32\drivers\WmBEnum.sys]
Service WmdmPmSN [C:\WINDOWS\system32\mspmsnsv.dll]
Service WmdmPmSp [???]
Service WmFilter [C:\WINDOWS\system32\drivers\WmFilter.sys]
Service WmHidLo [C:\WINDOWS\system32\drivers\WmHidLo.sys]
Service Wmi [???]
Service WmiApRpl [???]
Service WmiApSrv [C:\WINDOWS\system32\wbem\wmiapsrv.exe]
Service WmVirHid [C:\WINDOWS\system32\drivers\WmVirHid.sys]
Service WmXlCore [C:\WINDOWS\system32\drivers\WmXlCore.sys]
Service WPFFontCache_v0400 [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe]
Service WS2IFSL [C:\WINDOWS\System32\drivers\ws2ifsl.sys]
Service wscsvc [C:\WINDOWS\system32\wscsvc.dll]
Service WSTCODEC [C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS]
Service wuauserv [C:\WINDOWS\system32\wuauserv.dll]
Service WZCSVC [C:\WINDOWS\System32\wzcsvc.dll]
Service x10nets [C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe]
Service xmlprov [C:\WINDOWS\System32\xmlprov.dll]
Service XUIF [C:\WINDOWS\System32\Drivers\x10ufx2.sys]
Service {8E114390-8C7B-4796-9780-75FD5C8BC72D} [???]
Service {9483E099-9769-4F78-BC0F-E60192C6DD9B} [???]
Service {C359499E-F946-419E-8538-B856D0881332} [???]
Service {E95E35F4-9C2C-4D71-B3F7-B37DBCCA9AC7} [???]

Scan finished: Dienstag, 17. Juli 2012 14:33:18
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

Zitat:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/17/2012 at 05:43 PM

Application Version : 5.1.1002

Core Rules Database Version : 8912
Trace Rules Database Version: 6724

Scan type : Quick Scan
Total Scan Time : 00:08:40

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 611
Memory threats detected : 0
Registry items scanned : 30080
Registry threats detected : 0
File items scanned : 8048
File threats detected : 6

Adware.Tracking Cookie
.elitetrading.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.elitetrading.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.13.09

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Roman :: PALME [Administrator]

17.07.2012 14:05:43
mbam-log-2012-07-17 (14-05-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257313
Laufzeit: 11 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ein Trojaner Fund!

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.17.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Roman :: PALME [Administrator]

17.07.2012 22:36:39
mbam-log-2012-07-17 (22-36-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428745
Laufzeit: 1 Stunde(n), 29 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\WINDOWS\ie8\iexplore.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\www.download.de\kmplayer_downloader.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Polarbär · 18.07.2012, 12:23

GMER LOGFILE vom 18.7.12 angehängt

Polarbär · 18.07.2012, 14:05

Trojaner gefunden!

Zitat:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 07/18/2012 at 02:59 PM

Application Version : 5.1.1002

Core Rules Database Version : 8917
Trace Rules Database Version: 6729

Scan type : Complete Scan
Total Scan Time : 01:29:24

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 567
Memory threats detected : 0
Registry items scanned : 38835
Registry threats detected : 0
File items scanned : 71017
File threats detected : 3

Trojan.Agent/Gen-Bancos
C:\PROGRAMME\MEDIAPIRATEN\MEDIAPIRATEN\DATA\METASPINNERTELETEXTFILTER.AX

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP144\A0134398.EXE

Trojan.Agent/Gen-Downloader
C:\WWW.DOWNLOAD.DE\DSP_ROCKSTEADY21.EXE

cosinus · 18.07.2012, 14:41

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die

+ R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

ATTFilter

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

ATTFilter

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Polarbär · 18.07.2012, 19:56

Hallo Cosinus hier die Logfile wie gewünscht

Zitat:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7c2681206c3f5e4886217db698871183
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-18 06:35:54
# local_time=2012-07-18 08:35:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 149062365 149062365 0 0
# compatibility_mode=768 16777215 100 0 74366252 74366252 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=186034
# found=10
# cleaned=0
# scan_time=15022
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers TK +Rabattschutz_files\status.js JS/Agent.NEJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers VK 500 grob varl + Rabattsch_files\status.js JS/Agent.NEJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers VK 500 grob varl o Rabattsch_files\status.js JS/Agent.NEJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ VK +Rabattschutz_files\status.js JS/Agent.NEJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Registry Easy\RegEasy.exe probably a variant of Win32/Adware.RegistryEasy application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Trend Micro\HijackThis\backups\backup-20081207-152341-860.dll Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\www.download.de\asc-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\www.download.de\fvdsuite_installer.exe a variant of Win32/InstallCore.W application (unable to clean) 00000000000000000000000000000000 I
C:\www.download.de\registrybooster.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\www.download.de\unlocker1.8.9.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

cosinus · 19.07.2012, 12:31

Zitat:

C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers TK +Rabattschutz_files\status.js

Was genau soll das sein? Woher kommt das?

Zitat:

C:\Programme\Registry Easy\RegEasy.exe
\www.download.de\registrybooster.exe

Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Polarbär · 19.07.2012, 13:53

Hey Cosinus

Das hab ich von einem Versicherungsvergleichsportal deren Webseite ich gespeichert habe, kann ich löschen brauch ich nicht mehr.
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers TK +Rabattschutz_files\status.js
O.k. Danke! Registry-Cleanern werde ich nicht mehr verwenden.

Zitat:

# AdwCleaner v1.702 - Logfile created 07/19/2012 at 14:35:25
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Roman - PALME
# Running from : C:\Dokumente und Einstellungen\Roman\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\Viewpoint
Folder Found : C:\Programme\Viewpoint
File Found : C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2809 octets] - [19/07/2012 14:35:25]

########## EOF - C:\AdwCleaner[R1].txt - [2937 octets] ##########

cosinus · 19.07.2012, 19:35

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Polarbär · 20.07.2012, 05:30

Alles Ausgefüht

Zitat:

# AdwCleaner v1.702 - Logfile created 07/20/2012 at 06:18:34
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Roman - PALME
# Running from : C:\Dokumente und Einstellungen\Roman\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
Folder Deleted : C:\Programme\Conduit
Folder Deleted : C:\Programme\Viewpoint
File Deleted : C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2938 octets] - [19/07/2012 14:35:25]
AdwCleaner[S1].txt - [2799 octets] - [20/07/2012 06:18:34]

########## EOF - C:\AdwCleaner[S1].txt - [2927 octets] ##########

cosinus · 20.07.2012, 15:51

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Polarbär · 20.07.2012, 17:21

Hallo Arne,
1.) Der normale Modus von Windows geht soweit normal.
2.) Sind da leere Ordner unter alle Programme?
Sind leere Ordner da ,aber wahrscheinlich von mir gelöschte Programme.

cosinus · 21.07.2012, 14:42

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Spybot 2.0 Rootkit scan: HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic + Blue Screen IRQL_NOT_LESS_OR_EQUAL

Log-Analyse und Auswertung: Spybot 2.0 Rootkit scan: HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic + Blue Screen IRQL_NOT_LESS_OR_EQUAL