Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware

C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware


Plagegeister aller Art und deren Bekämpfung: C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 06.09.2012, 16:06   #1
dyntio
 
C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware - Standard

C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware


Hi@all, hab mich grad registriert und brauche direkt Hilfe^^,

Avast hat unter C:\WINDOWS\system32\scvhost\svchost.exe einen Virus gefunden.

Hijackthis meldet dazu folgendes: F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe

Hab jetz bei Avast das Ding gelöscht und bei HijackThis den Registryeintrag und dann mal gegooglet und bin hier auf dieses Forum gestoßen.
Da ich keine Ahnung habe, hätte ich gerne mal eine Expertenmeinung ob jetz noch Befall vorhanden ist oder nicht.

Otl Scan:

@
Code:
ATTFilter
OTL logfile created on: 06.09.2012 14:05:06 - Run 1
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Dokumente und Einstellungen\user.TEH-PC\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,42 Mb Total Physical Memory | 617,35 Mb Available Physical Memory | 60,38% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,53% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 53,09 Gb Free Space | 45,60% Space Free | Partition Type: NTFS
Drive D: | 109,63 Gb Total Space | 41,62 Gb Free Space | 37,97% Space Free | Partition Type: NTFS
Drive E: | 6,83 Gb Total Space | 0,36 Gb Free Space | 5,32% Space Free | Partition Type: FAT32
Drive F: | 672,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEH-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.06 14:01:23 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user.TEH-PC\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.05.24 15:57:49 | 000,510,960 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.07.24 18:56:57 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.09.19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008.09.19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008.07.04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) -- C:\Programme\Sygate\SPF\Smc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.06 09:53:39 | 001,807,872 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12090600\algo.dll
MOD - [2012.08.14 08:37:18 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\9cbb2652df5c2243902429b74aad6401\System.Configuration.ni.dll
MOD - [2012.08.14 00:38:18 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9836cee6676ab74cad770ce1945f0ccf\System.Xml.ni.dll
MOD - [2012.08.14 00:37:47 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ff091be1f5321f4782cdc8f348ac8c5d\System.ni.dll
MOD - [2012.08.14 00:37:33 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b8995fed79290c488540ac8212bb4347\mscorlib.ni.dll
MOD - [2012.08.14 00:37:02 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.08.14 00:36:55 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012.05.24 15:57:49 | 000,510,960 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
MOD - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () [Auto | Running] -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2009.11.23 22:45:00 | 003,571,484 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009.07.24 18:56:57 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.07.24 18:56:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.15 11:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.09.19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008.07.04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Programme\Sygate\SPF\Smc.exe -- (SmcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.08.14 00:09:47 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.04.16 00:44:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.04.16 00:44:16 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.04.16 00:27:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.03.27 13:27:02 | 000,543,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006.11.07 01:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2006.01.13 18:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.02.02 10:53:28 | 000,018,518 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004.02.02 10:51:04 | 000,055,891 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2004.02.02 10:37:32 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://ixquick.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1466
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.06 11:29:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.25 10:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.03 20:50:00 | 000,000,000 | ---D | M]
 
[2009.08.10 16:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Mozilla\Extensions
[2009.08.10 16:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Mozilla\Firefox\Profiles\chs3hv6i.default\extensions
[2012.09.06 13:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.08 17:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012.09.06 11:29:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.10.08 17:38:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.10.08 17:38:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.03 20:49:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.03 20:49:52 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.03 20:49:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.03 20:49:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.03 20:49:52 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DCE25BC-B101-40B7-9FEB-FDDDEBC40DA6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.24 16:32:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell - "" = AutoRun
O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell - "" = AutoRun
O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{61d73d5f-e523-11e1-af5e-0016172b56cd}\Shell\verb1\command - "" = I:\desktop.exe
O33 - MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell - "" = AutoRun
O33 - MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 11:30:08 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.06 11:30:08 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.06 11:30:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.06 11:30:07 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.06 11:30:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.06 11:30:06 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.06 11:30:05 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.06 11:30:05 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.06 11:30:05 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.06 11:29:44 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.06 11:29:43 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.06 11:29:24 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.06 11:29:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.08.17 12:13:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Everest Poker
[2012.08.17 12:09:36 | 000,000,000 | ---D | C] -- C:\Programme\Everest Poker
[2012.08.14 00:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vodafone
[2012.08.14 00:58:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2012.08.14 00:58:52 | 000,000,000 | ---D | C] -- C:\Programme\Vodafone
[2012.08.14 00:43:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Vodafone
[2012.08.14 00:42:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallShield
[2012.08.14 00:42:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2012.08.14 00:41:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\{D53238E8-3427-491E-A57E-097FA966AAC1}
[2012.08.14 00:10:49 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012.08.14 00:10:49 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012.08.14 00:10:49 | 000,106,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012.08.14 00:10:49 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012.08.14 00:10:49 | 000,082,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012.08.14 00:10:49 | 000,072,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012.08.14 00:10:49 | 000,051,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012.08.14 00:10:49 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012.08.14 00:10:49 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012.08.14 00:10:49 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012.08.14 00:10:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\ALDITALKVerbindungsassistent
[2012.08.14 00:09:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ALDI TALK Verbindungsassistent
[2012.08.14 00:09:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\ALDITALKVerbindungsassistent
[2012.08.14 00:09:44 | 000,000,000 | ---D | C] -- C:\Programme\ALDITALKVerbindungsassistent
[2012.08.14 00:09:16 | 015,254,224 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\AldiTalk-v4_06-Win.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 14:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.09.06 13:57:09 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.06 13:56:37 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.09.06 13:56:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.06 13:55:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.06 13:54:43 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\user.TEH-PC\defogger_reenable
[2012.09.06 13:16:13 | 000,000,172 | -HS- | M] () -- C:\WINDOWS\System32\bootrun.reg
[2012.09.06 11:30:08 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.06 11:30:06 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.06 09:38:00 | 000,000,457 | -HS- | M] () -- C:\WINDOWS\System32\boothide.reg
[2012.09.05 20:10:29 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\scvhost.ini
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.08.17 12:13:12 | 000,001,585 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Everest Poker.lnk
[2012.08.16 20:14:49 | 000,002,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk
[2012.08.14 00:59:00 | 000,001,978 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone SMS.lnk
[2012.08.14 00:37:12 | 000,475,558 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.08.14 00:37:12 | 000,455,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.08.14 00:37:12 | 000,091,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.08.14 00:37:12 | 000,075,150 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.08.14 00:09:52 | 000,001,862 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk
[2012.08.14 00:09:49 | 000,001,899 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk
[2012.08.14 00:09:48 | 000,860,928 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012.08.14 00:09:48 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012.08.14 00:09:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012.08.14 00:09:47 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012.08.14 00:09:47 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012.08.14 00:09:47 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012.08.14 00:09:47 | 000,082,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012.08.14 00:09:47 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012.08.14 00:09:47 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012.08.14 00:09:47 | 000,024,448 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012.08.13 19:56:52 | 015,254,224 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\AldiTalk-v4_06-Win.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.06 13:54:36 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\defogger_reenable
[2012.09.06 11:30:08 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.06 11:30:06 | 000,000,306 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.08.17 12:13:12 | 000,001,585 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Everest Poker.lnk
[2012.08.14 00:59:00 | 000,002,533 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk
[2012.08.14 00:59:00 | 000,001,978 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone SMS.lnk
[2012.08.14 00:09:52 | 000,001,862 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk
[2012.08.14 00:09:49 | 000,001,899 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk
[2012.08.14 00:09:06 | 000,000,172 | -HS- | C] () -- C:\WINDOWS\System32\bootrun.reg
[2012.08.14 00:09:05 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\scvhost.ini
[2012.08.14 00:09:04 | 000,000,457 | -HS- | C] () -- C:\WINDOWS\System32\boothide.reg
[2012.08.01 19:08:46 | 000,004,135 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2012.07.09 21:01:02 | 002,815,240 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-436374069-838170752-839522115-1007-0.dat
[2012.07.09 21:01:01 | 000,315,886 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.05.08 17:43:43 | 000,004,877 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf
[2010.05.21 16:05:54 | 003,099,648 | ---- | C] () -- C:\Programme\openofficeorg32.msi
[2010.05.21 16:04:24 | 000,460,088 | ---- | C] () -- C:\Programme\setup.exe
[2010.05.21 16:02:28 | 145,988,142 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2010.05.21 15:07:44 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini
[2009.08.14 18:15:12 | 000,004,985 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ojvzdisj.xda
[2009.08.13 16:26:46 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceInstaller.xml
 
========== LOP Check ==========
 
[2012.09.06 11:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2010.04.16 00:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.04.19 14:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hotspot Shield
[2009.07.25 17:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2012.02.27 00:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.04.30 23:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK
[2009.07.24 18:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.08.14 00:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2012.07.09 20:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XHEO INC
[2009.07.24 18:22:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2012.03.06 23:53:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\.minecraft
[2012.08.30 11:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\ALDITALKVerbindungsassistent
[2010.12.19 15:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\DAEMON Tools Lite
[2012.07.09 21:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HEM Data
[2012.07.12 02:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HoldemManager
[2011.11.17 22:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\LolClient
[2011.03.20 23:57:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Rift
[2011.12.03 21:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\TS3Client
[2012.07.12 01:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\TuneUp Software
[2012.08.14 00:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Vodafone
[2012.09.06 14:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.09.06 13:57:09 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
 
========== Purity Check ==========
 
 

< End of report >
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 06.09.2012 14:05:06 - Run 1
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Dokumente und Einstellungen\user.TEH-PC\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,42 Mb Total Physical Memory | 617,35 Mb Available Physical Memory | 60,38% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,53% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 53,09 Gb Free Space | 45,60% Space Free | Partition Type: NTFS
Drive D: | 109,63 Gb Total Space | 41,62 Gb Free Space | 37,97% Space Free | Partition Type: NTFS
Drive E: | 6,83 Gb Total Space | 0,36 Gb Free Space | 5,32% Space Free | Partition Type: FAT32
Drive F: | 672,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEH-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58995:TCP" = 58995:TCP:*:Enabled:Pando Media Booster
"58995:UDP" = 58995:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"58995:TCP" = 58995:TCP:*:Enabled:Pando Media Booster
"58995:UDP" = 58995:UDP:*:Enabled:Pando Media Booster
"6926:TCP" = 6926:TCP:*:Enabled:League of Legends Launcher
"6926:UDP" = 6926:UDP:*:Enabled:League of Legends Launcher
"6940:TCP" = 6940:TCP:*:Enabled:League of Legends Launcher
"6940:UDP" = 6940:UDP:*:Enabled:League of Legends Launcher
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"6991:TCP" = 6991:TCP:*:Enabled:League of Legends Launcher
"6991:UDP" = 6991:UDP:*:Enabled:League of Legends Launcher
"6935:TCP" = 6935:TCP:*:Enabled:League of Legends Launcher
"6935:UDP" = 6935:UDP:*:Enabled:League of Legends Launcher
"6981:TCP" = 6981:TCP:*:Enabled:League of Legends Launcher
"6981:UDP" = 6981:UDP:*:Enabled:League of Legends Launcher
"6949:TCP" = 6949:TCP:*:Enabled:League of Legends Launcher
"6949:UDP" = 6949:UDP:*:Enabled:League of Legends Launcher
"6990:TCP" = 6990:TCP:*:Enabled:League of Legends Launcher
"6990:UDP" = 6990:UDP:*:Enabled:League of Legends Launcher
"6901:TCP" = 6901:TCP:*:Enabled:League of Legends Launcher
"6901:UDP" = 6901:UDP:*:Enabled:League of Legends Launcher
"6946:TCP" = 6946:TCP:*:Enabled:League of Legends Launcher
"6946:UDP" = 6946:UDP:*:Enabled:League of Legends Launcher
"6936:TCP" = 6936:TCP:*:Enabled:League of Legends Launcher
"6936:UDP" = 6936:UDP:*:Enabled:League of Legends Launcher
"6895:TCP" = 6895:TCP:*:Enabled:League of Legends Launcher
"6895:UDP" = 6895:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"6980:TCP" = 6980:TCP:*:Enabled:League of Legends Launcher
"6980:UDP" = 6980:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Miranda IM\miranda32.exe" = C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam
"C:\Programme\Reality Pump\Two Worlds II\TwoWorlds2.exe" = C:\Programme\Reality Pump\Two Worlds II\TwoWorlds2.exe:*:Enabled:Two Worlds II -- (Reality Pump)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher
"C:\Programme\Steam\steamapps\reyeddi\counter-strike source\hl2.exe" = C:\Programme\Steam\steamapps\reyeddi\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F860F390-78F4-4B45-8C1A-0489618E315B}" = Sygate Personal Firewall
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"avast" = avast! Free Antivirus
"CABAL Online (Europe)_is1" = CABAL Online
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Everest Poker" = Everest Poker (Remove Only)
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0
"MedionVFD" = Medion Info Display
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Miranda IM" = Miranda IM 0.8.10
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tremulous" = Tremulous 1.1.0
"Two Worlds II" = Two Worlds II
"WIC" = Windows Imaging Component
"William Hill Poker" = William Hill Poker
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Worms Reloaded_is1" = Worms Reloaded
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2012 03:43:52 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05.09.2012 14:01:11 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05.09.2012 15:44:17 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.09.2012 03:37:46 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.09.2012 07:19:28 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.09.2012 07:22:20 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 06.09.2012 07:29:51 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.09.2012 07:35:45 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.09.2012 07:56:06 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.09.2012 07:57:25 | Computer Name = TEH-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
[ OSession Events ]
Error - 12.11.2010 13:47:12 | Computer Name = TEH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9921
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.09.2012 05:29:05 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:06 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:08 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:09 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:11 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:12 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:14 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:16 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:17 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.09.2012 05:29:19 | Computer Name = TEH-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
[ TuneUp Events ]
Error - 30.08.2012 04:58:37 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-30 10:58:37',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 30.08.2012 19:51:13 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-31 01:51:13',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 31.08.2012 05:55:21 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-31 11:55:21',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 31.08.2012 08:32:04 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-31 14:32:04',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 01.09.2012 05:09:32 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-01 11:09:32',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 02.09.2012 06:56:28 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-02 12:56:28',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 03.09.2012 06:23:43 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-03 12:23:43',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 04.09.2012 05:11:05 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-04 11:11:05',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 05.09.2012 04:43:55 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-05 10:43:55',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 05.09.2012 15:01:14 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-05 21:01:14',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
 
< End of report >
Vielen Dank schonmal

 

Themen zu C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware
32 bit, antivirus, bho, desktop, einstellungen, error, excel, firefox, flash player, format, helper, home, hotspot, league of legends, logfile, malware, plug-in, realtek, rundll, scan, security, software, svchost.exe, system, teamspeak, udp, virus, vodafone, windows


« Weißer Bildschirm Windows XP | Trojaner: Dropper.Generic_c.MMI »


Ähnliche Themen: C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware


  1. Avast Pop-ups Infection: URL:Mal Process: C:\Windows\System32\svchost.exe
    Log-Analyse und Auswertung - 13.06.2015 (11)
  2. URL:Mal in C:\Windows\System32\svchost.exe von avast gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.03.2015 (11)
  3. C:windows/system32/svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (1)
  4. Win32:Malware-gen und Win32:Downloader-PKU.C:\Windows\System32\services.exe.Weitere Meldungen
    Log-Analyse und Auswertung - 12.09.2012 (10)
  5. Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit
    Log-Analyse und Auswertung - 31.08.2012 (16)
  6. C:/windows/system32/svchost.exe trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.01.2012 (4)
  7. C:\windows\system32\svchost.exe Tojaner , Malwarebytes blockt IP
    Log-Analyse und Auswertung - 10.12.2011 (44)
  8. c:\windows\system32\svchost.exe Virus?
    Plagegeister aller Art und deren Bekämpfung - 13.08.2011 (24)
  9. C:\Windows\system32\Winbooterr\Svchost.exe
    Log-Analyse und Auswertung - 19.11.2010 (7)
  10. virus in windows/system32/drivers und svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 29.04.2010 (1)
  11. D:\WINDOWS\system32\scvhost.exe kann nicht gefunden werden!
    Log-Analyse und Auswertung - 02.03.2010 (14)
  12. C:\Windows\system32\svchost.exe.
    Plagegeister aller Art und deren Bekämpfung - 17.07.2009 (19)
  13. (wuauserv) (BITS) - Unknown owner - C:\WINDOWS\
    Log-Analyse und Auswertung - 27.03.2009 (4)
  14. c:windows\system32\svchost.exe oO
    Log-Analyse und Auswertung - 14.03.2009 (1)
  15. F2 - REG:system.ini: Shell=Explorer.exe C:\Windows\system32\scvhost.exe
    Log-Analyse und Auswertung - 12.02.2008 (4)
  16. scvhost svchost
    Plagegeister aller Art und deren Bekämpfung - 28.12.2007 (6)
  17. C:Windows/System32/scvhost.exe Problem
    Plagegeister aller Art und deren Bekämpfung - 29.08.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware - Hi@all, hab mich grad registriert und brauche direkt Hilfe^^, Avast hat unter C:\WINDOWS\system32\scvhost\svchost.exe einen Virus gefunden. Hijackthis meldet dazu folgendes: F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe Hab jetz bei Avast das Ding - C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware...
Archiv
Du betrachtest: C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19