kann keine Windows Updates machen alles wird wieder rückgängig gemacht, habe auch die csrss.exe zweimal

bobbypascha · 10.03.2013, 15:27

kann keine Windows Updates machen alles wird wieder rückgängig gemacht, habe auch die csrss.exe zweimal in den Dateien entdeckt. Mein Rechnung läuft sehr langsam, Exploer schließt immer öfter das Programm.

Suche nach einer Lösung. Der Computer ist für mich wie böhmische Dörfer, könnte mir einer Schrittweise erklären was zu tun ist. Ich verzweifele langsam, brauche den Rechner für die Arbeit.

Lieben Dank im Vorraus für die Hilfe

cosinus · 11.03.2013, 11:26

Hallo und

Zitat:

brauche den Rechner für die Arbeit.

Was genau heißt das?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

bobbypascha · 11.03.2013, 13:22

nein ist ein Privatrechner, habe nur gerade einen Job angenommen und muss viel googeln,
und recherche machen. Bin deshlab auf den Rechner angewiesen.
Habe einen Vista Home Premium ist allerdings von 2007.

gruss
bobbypascha

cosinus · 11.03.2013, 13:34

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

bobbypascha · 12.03.2013, 20:41

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 12.03.2013 20:08:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,57% Memory free
6,22 Gb Paging File | 4,95 Gb Available in Paging File | 79,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,95 Gb Total Space | 338,48 Gb Free Space | 73,91% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 3,43 Gb Free Space | 43,84% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3396425265-1340493425-710984192-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02905E2A-2264-4446-8421-8E9BFAF2D76C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1BAF6DC5-2DF5-4E50-B3FE-49985E6D1B63}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{2949FE81-E5AB-4911-AED0-67B19A7392D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3B3DCAAD-5A81-41EA-8F85-34D7DC735286}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54FD9164-6CBB-4917-8F5F-C3AA970B9B56}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5FB8D268-E784-4D86-BC10-04ABE5B1AFEE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{86D9B6C7-B9CB-4220-8490-6B069523D620}" = rport=445 | protocol=6 | dir=out | app=system | 
"{96885CAB-D1FB-4B95-A81E-93A7D10252E8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B95C7369-7A1C-48DC-B537-FB39D21AD83C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BCE25E81-D5B1-4295-A045-AC3C210FB932}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C0F2CE8A-FE5A-401D-847F-0427A0554BB7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA23AB71-4E52-4D8C-95DE-8D2144D33182}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E6D81D7C-A7D9-4CC6-9BF5-940AAD65CC72}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F6F0ACA1-655E-4301-A762-626E8016FC1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{162295D4-7DB0-40BE-BE29-C20E4B5BF862}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{26CDF56C-5179-4BE2-A12C-915A87AC4350}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{5182A271-23F9-4359-8A03-AE3D0BA70A2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{59B6C471-EE4C-491E-A1E2-A81AB70DFCC3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5F025DEE-B875-442D-85D0-604BC99D11CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6068B7CB-307D-4CE4-8841-617815509282}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{60A0AD61-DDC1-40EF-A456-077B12086ECB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{68C77884-B8B5-4253-A7B4-DC8260BFC436}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{6C2A44BA-FB9B-4A65-B39C-02ED36725949}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7D9F119F-33FA-4559-8A62-962D0381457D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{893AECF9-CC33-4A9E-9ACC-C64CF2E25821}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9ACE2CF0-2D2A-4004-A926-1A3D2D671ABA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe | 
"{9DECF058-5699-4EB8-9CAD-4C045F92BAB0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D36CD17A-AE13-48EF-A996-C20564258A5A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{D82AC7B2-A681-4A46-B323-2110C8457190}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{F140AD2B-09F4-45C6-82B3-C6B6610CA14F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{F23D3C88-7AB8-4144-BFD3-1EFA3A1FD2E5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{F86C210E-58C4-4CF6-AD6C-A3555A65B94E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.576
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{70AB1576-7883-2313-C650-7A71270B1031}" = Nero 7 Ultra Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = MyDVD-VR Recorder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCFFB64E-A757-4430-A455-B947F029BFD4}" = Roxio WinOnCD 9 Basic
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = Sonic MyDVD-VR
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WNLT" = IB Updater Service
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = G-Filter
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2013 11:25:08 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.03.2013 11:25:31 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.03.2013 13:35:44 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 15:01:01 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 15:01:46 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm Taskmgr.exe, Version 6.0.6001.18000 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: c7c  Anfangszeit: 01ce1e8aabd1439e  Zeitpunkt
 der Beendigung: 16
 
Error - 12.03.2013 03:24:13 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 06:30:17 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 11:02:18 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 11:16:14 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 14:24:45 | Computer Name =  *****| Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.03.2013 11:16:14 | Computer Name = ***** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.03.2013 11:17:56 | Computer Name = ***** | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 12.03.2013 11:17:56 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.03.2013 14:23:08 | Computer Name = ***** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
 002421F119F8 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 12.03.2013 14:24:45 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 12.03.2013 14:24:45 | Computer Name = ***** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.03.2013 14:25:42 | Computer Name = ***** | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 12.03.2013 14:25:42 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.03.2013 14:34:45 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 12.03.2013 14:35:04 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = 
 
 
< End of report >

--- --- ---

Hey,
ich hoffe ich habe alles richtig gemacht, sry,bin schon ein äteres Semester, du hast es aber super erklärt, vielen Dank nochmals für deine Hilfe ich warte jetzt ab, bist du wieder Zeit hast, damit ich die nächsten Schritte machen kann.

Gruss
bobbypascha

cosinus · 12.03.2013, 23:44

Was ist mit dem anderen Log von OTL, das nebenbei bemerkt viel wichtiger ist als die extras.txt?

bobbypascha · 13.03.2013, 09:19

sry, hier die gewünschte Kopie.

Gruss
bobbypaschaOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.03.2013 20:08:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,57% Memory free
6,22 Gb Paging File | 4,95 Gb Available in Paging File | 79,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,95 Gb Total Space | 338,48 Gb Free Space | 73,91% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 3,43 Gb Free Space | 43,84% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.12 20:07:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2013.02.25 16:05:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:05:21 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.02.25 16:05:20 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:05:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.25 16:05:17 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.15 16:26:38 | 000,896,512 | ---- | M] () -- C:\Users\*****\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2013.02.15 16:26:37 | 000,096,768 | ---- | M] () -- C:\Windows\System32\GFilterSvc.exe
PRC - [2013.02.15 16:26:35 | 000,067,584 | ---- | M] () -- C:\Windows\System32\CHxReaeingStringIME.exe
PRC - [2013.02.08 15:11:04 | 000,300,480 | ---- | M] (Abine Inc.) -- C:\Programme\Ask.com\AbineSDK\IE\DNTPService.exe
PRC - [2013.02.08 15:11:02 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Programme\Ask.com\CallingIDSDK\CIDGlobalLight.exe
PRC - [2013.02.08 15:10:08 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2013.01.29 14:30:00 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.21 12:57:34 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012.01.07 18:13:17 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.05.11 02:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 16:26:39 | 000,138,752 | ---- | M] () -- C:\ProgramData\DNSErrorHelper\bho.dll
MOD - [2013.02.08 15:11:04 | 000,925,120 | ---- | M] () -- C:\Programme\Ask.com\AbineSDK\IE\DNTPContentFilter.dll
MOD - [2013.02.08 15:11:04 | 000,245,696 | ---- | M] () -- C:\Programme\Ask.com\AbineSDK\IE\DNTPButton.dll
MOD - [2013.01.29 14:30:00 | 000,170,840 | ---- | M] () -- C:\Programme\IB Updater\Extension32.dll
MOD - [2008.10.15 00:03:48 | 003,076,096 | ---- | M] () -- c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU
MOD - [2008.01.11 20:49:24 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu
MOD - [2007.05.11 01:55:44 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU
MOD - [2007.05.11 01:54:20 | 000,026,112 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu
MOD - [2007.05.11 01:54:02 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU
MOD - [2007.05.11 01:53:52 | 000,974,848 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU
MOD - [2007.05.11 01:53:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU
MOD - [2007.05.11 01:53:22 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU
MOD - [2007.05.11 01:52:58 | 000,159,744 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU
MOD - [2007.05.11 01:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU
MOD - [2007.05.11 01:52:02 | 000,006,656 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU
MOD - [2007.05.11 01:51:42 | 000,221,184 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU
MOD - [2007.05.11 01:51:38 | 001,224,704 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU
MOD - [2007.05.11 01:51:24 | 000,192,512 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU
MOD - [2007.05.11 01:50:30 | 000,811,008 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU
MOD - [2007.05.11 01:50:04 | 000,077,824 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU
MOD - [2007.01.13 02:01:28 | 000,475,136 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007.01.13 02:01:28 | 000,397,312 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006.10.23 00:34:44 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU
MOD - [2006.10.23 00:33:38 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU
MOD - [2006.10.23 00:33:02 | 000,008,192 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU
MOD - [2006.10.23 00:32:30 | 000,011,264 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU
MOD - [2006.10.23 00:31:30 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu
MOD - [2006.10.23 00:30:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.02.25 16:05:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:05:21 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.02.25 16:05:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.15 16:26:38 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\*****\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.15 16:26:37 | 000,096,768 | ---- | M] () [Auto | Running] -- C:\Windows\System32\GFilterSvc.exe -- (GFilterSvc)
SRV - [2013.02.15 16:26:35 | 000,067,584 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CHxReaeingStringIME.exe -- (iscsicql)
SRV - [2013.01.29 14:30:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.23 17:46:30 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Disabled | Stopped] -- C:\Windows\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\CBPMp50.sys -- (CBPMp50)
DRV - [2013.02.25 16:05:48 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.25 16:05:48 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.02.25 16:05:48 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.25 16:05:48 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.08.17 09:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 09:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 09:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.01.21 03:23:00 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.31 11:23:22 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.10.31 11:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.10.23 17:48:16 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007.10.23 17:48:12 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\Windows\System32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007.07.07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.04.20 20:29:24 | 000,870,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.12.02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006.11.28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CBPSp50.sys -- (CBPSp50)
DRV - [2005.12.19 10:15:44 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2005.08.05 03:51:26 | 000,034,144 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2000.06.02 18:07:56 | 000,003,636 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HIDSWVD.sys -- (HIDSwvd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gogle.de/
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 90 83 B7 B1 0B CE 01  [binary data]
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{13B42FF3-B6DC-413C-BA4C-BCDB077EF609}: "URL" = hxxp://eu.wowarmory.com/search.xml?searchQuery={searchTerms}&searchType=all
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{2541357A-CF45-4F95-A283-39F210F10A04}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f610184d-b9b0-4362-b728-06939e49879c&apn_sauid=F370E216-45FB-40D1-9A66-4DDC59899FAE
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={1F703F1F-1CE7-482E-AAB4-45F0A69F6AB8}&mid=93110bfb70c947d18667d16d6715f00b-8ace37aa17cc00c20a7496765243dec3e233c46f&lang=de&ds=tt014&pr=sa&d=2012-01-14 15:16:13&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6R8HV4m8ur&i=26
IE - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.02 15:55:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.02 15:55:18 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.de/
CHR - Extension: IB Updater = C:\Users\*****AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.576_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3396425265-1340493425-710984192-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk =  File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{347A8191-78C4-4D4B-B91B-B163B90A8A5B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C78B36F8-4683-43EF-AF44-94B44BD9DA42}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.12 20:07:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe
[2013.03.11 15:08:52 | 000,000,000 | R--D | C] -- C:\Users *****\Contacts
[2013.03.09 18:19:57 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.03.09 13:32:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.03.09 10:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.08 17:29:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2013.03.08 17:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\*************
[2013.02.27 15:28:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.27 14:43:25 | 000,000,000 | ---D | C] -- C:\Users\*****Documents\************
[2013.02.27 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.27 13:38:20 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.27 11:24:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.26 14:18:34 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.26 14:15:39 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.26 14:11:59 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************
[2013.02.26 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\*****Documents\************ 
[2013.02.26 12:26:44 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************  
[2013.02.25 16:07:03 | 000,000,000 | ---D | C] -- C:\Firefox
[2013.02.25 16:06:47 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.25 16:06:47 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.25 16:06:47 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.25 16:06:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.24 15:44:03 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\************  
[2013.02.24 15:23:52 | 000,000,000 | ---D | C] -- C:\Users\*****Documents\************ 
[2013.02.23 00:31:42 | 000,000,000 | ---D | C] -- C:\Users\*****AppData\Local\DoNotTrackPlus
[2013.02.18 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\*****AppData\Roaming\Avira
[2013.02.18 16:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.18 10:15:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\AskToolbar
[2013.02.18 10:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.02.18 10:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.15 16:56:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2013.02.15 16:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\node PDF-XChange
[2013.02.15 16:42:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\4D
[2013.02.15 16:40:46 | 000,059,008 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\System32\pxc40pm.dll
[2013.02.15 16:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.02.15 16:39:46 | 000,000,000 | ---D | C] -- C:\EXPOSE8_App
[2013.02.15 16:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.15 16:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.02.15 16:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.15 16:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013.02.15 16:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.15 16:26:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
[2013.02.15 16:26:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Opera
[2013.02.15 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\OCS
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.12 20:07:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.03.12 20:01:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.12 19:23:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 19:23:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 19:23:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.12 19:23:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.12 19:23:00 | 3220,316,160 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.10 09:43:03 | 000,002,605 | ---- | M] () -- C:\Users\*****esktop\Microsoft Word.lnk
[2013.03.09 20:23:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.09 20:23:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.09 20:23:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.09 20:23:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.09 10:12:19 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.06 17:36:13 | 000,002,708 | ---- | M] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2013.03.04 13:01:48 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2013.03.04 12:35:30 | 000,002,641 | ---- | M] () -- C:\Users\*****\Desktop\Microsoft Excel.lnk
[2013.03.04 09:58:40 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013.03.04 09:07:26 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013.03.04 09:07:26 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013.03.04 09:07:26 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013.02.27 15:56:35 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.02.25 16:05:48 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.25 16:05:48 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.25 16:05:48 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.25 16:05:48 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.15 16:26:37 | 000,096,768 | ---- | M] () -- C:\Windows\System32\GFilterSvc.exe
[2013.02.15 16:26:35 | 000,067,584 | ---- | M] () -- C:\Windows\System32\CHxReaeingStringIME.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.11 19:56:49 | 000,001,757 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk
[2013.03.06 17:41:39 | 3220,316,160 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.04 13:00:54 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2013.02.25 16:07:53 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.15 16:27:08 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.02.15 16:26:37 | 000,096,768 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2013.02.15 16:26:35 | 000,067,584 | ---- | C] () -- C:\Windows\System32\CHxReaeingStringIME.exe
[2012.10.12 10:38:32 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.02.21 11:30:33 | 000,196,653 | ---- | C] () -- C:\Windows\System32\drivers\aVivid.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\nVivid.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\nStandard.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\nAsmedia.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\nAdvanced.bin
[2012.02.21 11:30:33 | 000,196,608 | ---- | C] () -- C:\Windows\System32\drivers\aAdvanced.bin
[2012.02.21 11:30:33 | 000,196,582 | ---- | C] () -- C:\Windows\System32\drivers\aStandard.bin
[2012.02.21 11:30:33 | 000,196,582 | ---- | C] () -- C:\Windows\System32\drivers\aAsmedia.bin
[2012.02.21 11:30:33 | 000,000,018 | ---- | C] () -- C:\Windows\System32\atkid.ini
[2012.02.21 11:30:32 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.21 11:30:32 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.02.21 11:30:32 | 000,046,592 | ---- | C] () -- C:\Windows\System32\asfrench.dll
[2012.02.21 11:30:32 | 000,046,080 | ---- | C] () -- C:\Windows\System32\asrussian.dll
[2012.02.21 11:30:32 | 000,046,080 | ---- | C] () -- C:\Windows\System32\asgerman.dll
[2012.02.21 11:30:32 | 000,046,080 | ---- | C] () -- C:\Windows\System32\aseng.dll
[2012.02.21 11:30:32 | 000,045,568 | ---- | C] () -- C:\Windows\System32\askorean.dll
[2012.02.21 11:30:32 | 000,045,568 | ---- | C] () -- C:\Windows\System32\asjapan.dll
[2012.02.21 11:30:32 | 000,045,568 | ---- | C] () -- C:\Windows\System32\ASCHT.dll
[2012.02.21 11:30:32 | 000,045,568 | ---- | C] () -- C:\Windows\System32\aschs.dll
[2012.01.12 18:38:53 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{5FE5A8F1-9357-46EC-9BE4-16F6F8D0EA4D}
[2012.01.11 21:22:15 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{6D303FFB-B5C9-4A9C-A927-4D6F18EB4F9F}
[2011.11.09 00:44:23 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{59EC2B87-EDC8-41D2-8418-0EF890C99184}
[2011.11.06 12:17:15 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.11.06 12:17:03 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[2011.06.28 11:54:52 | 000,164,302 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.06.28 11:54:38 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.03.23 17:21:59 | 010,335,744 | ---- | C] () -- C:\Program Files\usb_adapter_108_V2025_eng.exe
[2009.01.23 17:49:13 | 000,002,708 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2008.10.06 09:59:51 | 000,012,800 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.15 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\4D
[2013.02.15 16:55:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
[2009.04.27 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MobMapUpdater
[2013.02.15 16:26:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OCS
[2013.02.15 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2012.09.04 13:42:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.03.24 19:33:15 | 000,000,000 | ---D | M] -- C:\Users\*****\Roaming\ts3overlay
[2012.01.14 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

cosinus · 13.03.2013, 11:37

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

bobbypascha · 14.03.2013, 11:40

hey,
ich habe mehrmals versucht den Logfile unter Gmer.txt auf Destkop zu speichern, hatte immer die Ansage kann nicht gespeichert werden zuviel Speicher. Kann nicht sein habe genug Arbeitsspeicher. ok
Habe dann mit Malwarebytes Anti-Rootkit aktiviert hier die Daten:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Malwarebytes : Free Anti-Malware download

Database version: v2013.02.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]

14.03.2013 11:27:57
mbar-log-2013-03-14 (11-27-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29345
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Danach habe ich den Rechner runtergefahren und Neustart gemacht und habe die Uptades - Windows gestartet es waren 31 Stück, wurden wieder nicht konfiguriert.

Langsam verzweifele ich

((

Gruss
Bobbypascha

cosinus · 14.03.2013, 14:41

Zitat:

Database version: v2013.02.15.09

So wird das auch nichts, du musst die SIgnaturen von MBAR aktualisieren und den Scan wiederholen
Außerdem solltest du die Logs in CODE-Tags posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

bobbypascha · 14.03.2013, 17:24

sry, habe den MBAR aktualisiert, er hatte einen Fund. habe dann das gesamte Longfile mit Strg+A makiert und anschließend mit Strg.+C kopiert in die Zwischenablage im Editor finde ich die Route nicht.

probiere es nochmal so, sry sry sry

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.14.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]

14.03.2013 16:25:35
mbar-log-2013-03-14 (16-25-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29140
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\****\AppData\Local\Temp\PricePeep_BetterInstaller_2012-10-02.exe (Adware.Shopper) -> Delete on reboot.

(end)

cosinus · 14.03.2013, 21:51

Bitte die Logs in CODE-Tags posten, es wurde genau ein Posting vorher von mir haarklein erklärt wie das geht!

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

bobbypascha · 15.03.2013, 10:57

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-15 07:31:29
-----------------------------
07:31:29.181    OS Version: Windows 6.0.6002 Service Pack 2
07:31:29.181    Number of processors: 2 586 0x1706
07:31:29.181    ComputerName: *****  UserName: *****
07:31:32.634    Initialize success
07:33:17.873    AVAST engine defs: 13031402
07:33:40.107    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
07:33:40.107    Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476940MB BusType: 3
07:33:40.138    Disk 0 MBR read successfully
07:33:40.138    Disk 0 MBR scan
07:33:40.154    Disk 0 Windows VISTA default MBR code
07:33:40.169    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       468937 MB offset 2048
07:33:40.201    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         8000 MB offset 960387072
07:33:40.216    Disk 0 scanning sectors +976771072
07:33:40.279    Disk 0 scanning C:\Windows\system32\drivers
07:33:50.263    Service scanning
07:33:57.623    Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
07:33:59.873    Service iscsicql C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
07:34:13.091    Modules scanning
07:34:16.826    Disk 0 trace - called modules:
07:34:16.873    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
07:34:16.888    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86408ac8]
07:34:16.888    3 CLASSPNP.SYS[8af678b3] -> nt!IofCallDriver -> [0x8528d860]
07:34:16.904    5 acpi.sys[8ae436bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8527d3c8]
07:34:20.498    AVAST engine scan C:\Windows
07:34:26.044    AVAST engine scan C:\Windows\system32
07:34:35.982    File: C:\Windows\system32\CHxReaeingStringIME.exe  **INFECTED** Win32:Agent-AQRH [Trj]
07:38:23.904    AVAST engine scan C:\Windows\system32\drivers
07:38:38.482    AVAST engine scan C:\Users\*****
07:50:48.638    AVAST engine scan C:\ProgramData
07:52:25.591    Scan finished successfully
07:53:01.873    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
07:53:01.904    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-15 07:31:29
-----------------------------
07:31:29.181    OS Version: Windows 6.0.6002 Service Pack 2
07:31:29.181    Number of processors: 2 586 0x1706
07:31:29.181    ComputerName:****  UserName: *****
07:31:32.634    Initialize success
07:33:17.873    AVAST engine defs: 13031402
07:33:40.107    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
07:33:40.107    Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476940MB BusType: 3
07:33:40.138    Disk 0 MBR read successfully
07:33:40.138    Disk 0 MBR scan
07:33:40.154    Disk 0 Windows VISTA default MBR code
07:33:40.169    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       468937 MB offset 2048
07:33:40.201    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         8000 MB offset 960387072
07:33:40.216    Disk 0 scanning sectors +976771072
07:33:40.279    Disk 0 scanning C:\Windows\system32\drivers
07:33:50.263    Service scanning
07:33:57.623    Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
07:33:59.873    Service iscsicql C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
07:34:13.091    Modules scanning
07:34:16.826    Disk 0 trace - called modules:
07:34:16.873    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
07:34:16.888    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86408ac8]
07:34:16.888    3 CLASSPNP.SYS[8af678b3] -> nt!IofCallDriver -> [0x8528d860]
07:34:16.904    5 acpi.sys[8ae436bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8527d3c8]
07:34:20.498    AVAST engine scan C:\Windows
07:34:26.044    AVAST engine scan C:\Windows\system32
07:34:35.982    File: C:\Windows\system32\CHxReaeingStringIME.exe  **INFECTED** Win32:Agent-AQRH [Trj]
07:38:23.904    AVAST engine scan C:\Windows\system32\drivers
07:38:38.482    AVAST engine scan C:\Users\*****
07:50:48.638    AVAST engine scan C:\ProgramData
07:52:25.591    Scan finished successfully
07:53:01.873    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
07:53:01.904    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
07:56:18.891    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
07:56:18.922    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-15 07:31:29
-----------------------------
07:31:29.181    OS Version: Windows 6.0.6002 Service Pack 2
07:31:29.181    Number of processors: 2 586 0x1706
07:31:29.181    ComputerName: *****  UserName: *****
07:31:32.634    Initialize success
07:33:17.873    AVAST engine defs: 13031402
07:33:40.107    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
07:33:40.107    Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476940MB BusType: 3
07:33:40.138    Disk 0 MBR read successfully
07:33:40.138    Disk 0 MBR scan
07:33:40.154    Disk 0 Windows VISTA default MBR code
07:33:40.169    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       468937 MB offset 2048
07:33:40.201    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         8000 MB offset 960387072
07:33:40.216    Disk 0 scanning sectors +976771072
07:33:40.279    Disk 0 scanning C:\Windows\system32\drivers
07:33:50.263    Service scanning
07:33:57.623    Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
07:33:59.873    Service iscsicql C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
07:34:13.091    Modules scanning
07:34:16.826    Disk 0 trace - called modules:
07:34:16.873    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
07:34:16.888    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86408ac8]
07:34:16.888    3 CLASSPNP.SYS[8af678b3] -> nt!IofCallDriver -> [0x8528d860]
07:34:16.904    5 acpi.sys[8ae436bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8527d3c8]
07:34:20.498    AVAST engine scan C:\Windows
07:34:26.044    AVAST engine scan C:\Windows\system32
07:34:35.982    File: C:\Windows\system32\CHxReaeingStringIME.exe  **INFECTED** Win32:Agent-AQRH [Trj]
07:38:23.904    AVAST engine scan C:\Windows\system32\drivers
07:38:38.482    AVAST engine scan C:\Users\*****
07:50:48.638    AVAST engine scan C:\ProgramData
07:52:25.591    Scan finished successfully
07:53:01.873    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
07:53:01.904    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
07:56:18.891    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
07:56:18.922    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
07:57:55.519    Disk 0 MBR has been saved successfully to "C:\Users\*****\Downloads\MBR.dat"
07:57:55.535    The log file has been saved successfully to "C:\Users\*****\Downloads\aswMBR.txt"
08:00:06.725    Disk 0 MBR has been saved successfully to "C:\Users\*****\Documents\MBR.dat"
08:00:06.975    The log file has been saved successfully to "C:\Users\*****\Documents\aswMBR.txt"
08:01:08.212    Disk 0 MBR has been saved successfully to "C:\Users\*****\Documents\MBR.dat"
08:01:08.212    The log file has been saved successfully to "C:\Users\*****\Documents\aswMBR.txt"
08:03:02.521    Disk 0 MBR has been saved successfully to "C:\Users\*****Desktop\MBR.dat"
08:03:02.536    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-15 07:31:29
-----------------------------
07:31:29.181    OS Version: Windows 6.0.6002 Service Pack 2
07:31:29.181    Number of processors: 2 586 0x1706
07:31:29.181    ComputerName: *****  UserName: *****
07:31:32.634    Initialize success
07:33:17.873    AVAST engine defs: 13031402
07:33:40.107    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
07:33:40.107    Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476940MB BusType: 3
07:33:40.138    Disk 0 MBR read successfully
07:33:40.138    Disk 0 MBR scan
07:33:40.154    Disk 0 Windows VISTA default MBR code
07:33:40.169    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       468937 MB offset 2048
07:33:40.201    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         8000 MB offset 960387072
07:33:40.216    Disk 0 scanning sectors +976771072
07:33:40.279    Disk 0 scanning C:\Windows\system32\drivers
07:33:50.263    Service scanning
07:33:57.623    Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
07:33:59.873    Service iscsicql C:\Windows\system32\CHxReaeingStringIME.exe **INFECTED** Win32:Agent-AQRH [Trj]
07:34:13.091    Modules scanning
07:34:16.826    Disk 0 trace - called modules:
07:34:16.873    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
07:34:16.888    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86408ac8]
07:34:16.888    3 CLASSPNP.SYS[8af678b3] -> nt!IofCallDriver -> [0x8528d860]
07:34:16.904    5 acpi.sys[8ae436bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8527d3c8]
07:34:20.498    AVAST engine scan C:\Windows
07:34:26.044    AVAST engine scan C:\Windows\system32
07:34:35.982    File: C:\Windows\system32\CHxReaeingStringIME.exe  **INFECTED** Win32:Agent-AQRH [Trj]
07:38:23.904    AVAST engine scan C:\Windows\system32\drivers
07:38:38.482    AVAST engine scan C:\Users\*****
07:50:48.638    AVAST engine scan C:\ProgramData
07:52:25.591    Scan finished successfully

cosinus · 15.03.2013, 12:48

Was ist mit dem anderen Tool?

Zitat:

C:\Windows\system32\CHxReaeingStringIME.exe

Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

bobbypascha · 15.03.2013, 14:15

C:\72feafd18f6f85bacd8b37aac0c4e03915d8f64e5c55b5d8faded86fa1affd27

ich hoffe es ist der richtige

gruß petra

12.03.2013, 23:44	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	kann keine Windows Updates machen alles wird wieder rückgängig gemacht, habe auch die csrss.exe zweimal Was ist mit dem anderen Log von OTL, das nebenbei bemerkt viel wichtiger ist als die extras.txt? __________________ --> kann keine Windows Updates machen alles wird wieder rückgängig gemacht, habe auch die csrss.exe zweimal

kann keine Windows Updates machen alles wird wieder rückgängig gemacht, habe auch die csrss.exe zweimal

Log-Analyse und Auswertung: kann keine Windows Updates machen alles wird wieder rückgängig gemacht, habe auch die csrss.exe zweimal