
Log analysis and evaluation: Computer runs too slowly or not at all


 
19.02.2010, 16:24   #1
Marlissa
 
Computer runs too slowly or not at all



- Explorer takes forever to open
- Computer works too slowly
- I have no idea about computers; I only know how to turn it on and off. For any instructions, please give exact steps.

malwarebytes

Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3760
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

19.02.2010 15:47:10
mbam-log-2010-02-19 (15-47-10).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 228379
Laufzeit: 32 minute(s), 12 second(s)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 62
Infizierte Registrierungswerte: 9
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 19
Infizierte Dateien: 102

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\WhereSphere\wheresphere.exe (Adware.WhereSphere) -> Unloaded process successfully.
C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\Microsoft\Windows\oulwsv.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\9129837.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\WINDOWS\system32\kbdusr32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\6.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\sprio80032.dll (Trojan.Tracur) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{007117bc-4908-4d41-898b-7c7aa6da2bff} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{007117bc-4908-4d41-898b-7c7aa6da2bff} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\320d180e700 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{007117bc-4908-4d41-898b-7c7aa6da2bff} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\evenmoremegaswelladsforyou.evenmoremegaswelladsforyou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\evenmoremegaswelladsforyou.evenmoremegaswelladsforyou.1 (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{338bfb9a-ea66-7554-fb44-df75ba3936ac} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1cac32c4-1d91-9430-9efd-947861eb3b39} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{869518cc-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{869518cc-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{869518cc-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{869518cc-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{869518cd-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{869518cd-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{869518cd-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{869518cd-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wheresphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\EvenMoreMegaSwellAdsForYou.DLL (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hbcvxykl (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{869518cc-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{869518cc-e538-47c4-8150-3c97549c5c98} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wheresphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipus (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\kbdusr32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\kbdusr32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Programme\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Delete on reboot.
C:\Dokumente und Einstellungen\marlissa\Startmenü\Programme\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\sprio80032.dll (Trojan.BHO.H) -> Delete on reboot.
c:\dokumente und einstellungen\marlissa\lokale einstellungen\anwendungsdaten\hbcvxykl.exe (Trojan.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kbdusr32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\6.tmp (Trojan.Tracur) -> Delete on reboot.
C:\Programme\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> Delete on reboot.
C:\WINDOWS\system32\tsbyuv32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmdrv32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdfr32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncxpnt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\74.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\usrvpa32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\0f78.dll (Adware.Mirar) -> Delete on reboot.
C:\WINDOWS\system32\winsta32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mag_hook32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\samlib32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdusr32(3).dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntsdexts32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmerrDEU32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oleaccrc32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deskperf32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rsvpperf32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wavemsp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Programme\PlayMP3z\PlayMP3.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Programme\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP600\A0085328.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP600\A0085330.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP600\A0085331.dll (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP600\A0085389.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP600\A0085390.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP600\A0085396.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP604\A0087107.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP608\A0088221.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP611\A0089252.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP611\A0089253.exe (Rogue.PClean) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP611\A0089254.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP612\A0091422.exe (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP612\A0091423.exe (Rogue.PClean) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP612\A0091424.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP615\A0091584.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP615\A0091585.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AEB2247-8163-4A3E-8912-821F95B85C3A}\RP615\A0091587.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\024CF39B (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000A5236.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000A608E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000A62B1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000A6522.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000A74E1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Programme\PremiereAdvertisingPlatform\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marlissa\Startmenü\Programme\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\WhereSphere\WSUninstall.exe (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\WhereSphere\wheresphere.exe (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\WhereSphere\config.cfg (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1750549076v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1750549076v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1750549076v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1750549076v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1750549076v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1750549076v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1750549076v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1750549076v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@i1750549076v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1750549076v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@i1750549076v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@i1750549076v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1750549076v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1750549076v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1750549076v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1750549076v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1750549076v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1750549076v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1750549076v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1750549076v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1750549076v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1750549076v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1750549076v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1750549076v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1750549076v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1750549076v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1750549076v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1750549076v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1750549076v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1750549076v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1750549076v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\Microsoft\Windows\oulwsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\9129837.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
         
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by marlissa at 2010-02-19 16:08:55
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 18 GB (40%) free of 46 GB
Total RAM: 1014 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:09, on 19.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Acer\eRecovery\Monitor.exe
C:\Programme\Acer\Acer Arcade\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\marlissa\Desktop\RSIT.exe
C:\Programme\trend micro\marlissa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.commerzbanking.de
O15 - Trusted Zone: www.freenet.de
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-de.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.tanzbarscorpio.de/auth/controls/IlosoftImageUpload.dll
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FA81E151-CFE7-4B18-8B9E-8B96E62BAC11} - https://de.web.music.realnetworks.com/portal/applets/DownloadManager.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 13146 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - marlissa.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Programme\Norton AntiVirus\NavShExt.dll [2005-07-19 218736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Programme\Norton AntiVirus\NavShExt.dll [2005-07-19 218736]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-07 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-07 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-07 114688]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe []
"AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2004-10-08 98394]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2004-10-08 688218]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PCMService"=C:\Programme\Acer\Acer Arcade\PCMService.exe [2005-08-11 143360]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2005-08-24 98304]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-08-11 200704]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2005-08-19 462848]
"eRecoveryService"=C:\Programme\Acer\eRecovery\Monitor.exe [2005-08-18 352256]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"ccApp"=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2007-02-21 58984]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2007-10-16 100056]
"RealTray"=C:\Programme\Real\RealPlayer\RealPlay.exe [2005-08-24 26112]
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NWEReboot"= []
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-09 14743552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-26 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-07-16 25604904]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader Speed Launch.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-07 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Acer\Acer Arcade\PCMService.exe"="C:\Programme\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\IncrediMail\bin\ImApp.exe"="C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\IncMail.exe"="C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\ImpCnt.exe"="C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Shell"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 3 months======

2010-02-19 16:08:56 ----D---- C:\Programme\trend micro
2010-02-19 16:08:55 ----D---- C:\rsit
2010-02-19 15:26:08 ----A---- C:\WINDOWS\system32\29.tmp
2010-02-19 14:37:41 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
2010-02-19 14:37:30 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-02-19 14:37:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-02-19 14:31:45 ----D---- C:\Programme\CCleaner
2010-02-19 14:22:09 ----HD---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-19 14:19:49 ----HD---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-19 13:30:39 ----A---- C:\WINDOWS\system32\54.tmp
2010-02-19 13:24:42 ----HD---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-19 13:24:25 ----HD---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-19 13:22:59 ----A---- C:\WINDOWS\system32\25.tmp
2010-02-19 13:22:58 ----A---- C:\WINDOWS\system32\24.tmp
2010-01-21 17:12:47 ----A---- C:\WINDOWS\WindowsXP-KB822603-x86.exe
2010-01-21 17:12:45 ----A---- C:\WINDOWS\vsnp2std.exe
2010-01-21 17:12:44 ----A---- C:\WINDOWS\snp2std.ini
2010-01-21 17:12:39 ----A---- C:\WINDOWS\vsnp2std.dll
2010-01-21 17:12:39 ----A---- C:\WINDOWS\system32\csnp2std.dll
2010-01-21 17:12:39 ----A---- C:\WINDOWS\rsnp2std.dll
2010-01-18 17:13:47 ----D---- C:\WINDOWS\ie8updates
2010-01-18 17:10:19 ----HD---- C:\WINDOWS\ie8
2010-01-18 17:04:21 ----A---- C:\WINDOWS\system32\KfgDROvSgd5qNsV.vbs
2010-01-15 14:26:25 ----A---- C:\WINDOWS\system32\C7lMU.vbs
2010-01-15 00:58:27 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-15 00:58:19 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-14 13:24:41 ----A---- C:\WINDOWS\system32\kp5PgLQgcSjB8PX.vbs
2010-01-12 13:59:14 ----A---- C:\WINDOWS\system32\EPCMU.vbs
2010-01-08 14:47:12 ----A---- C:\WINDOWS\system32\3xZja4dFOUV7V.vbs
2010-01-08 13:58:55 ----A---- C:\WINDOWS\system32\27.tmp
2010-01-08 13:58:55 ----A---- C:\WINDOWS\system32\26.tmp
2010-01-04 21:05:21 ----A---- C:\WINDOWS\system32\CPomW.vbs
2010-01-04 19:01:37 ----A---- C:\WINDOWS\system32\aPlN6.vbs
2010-01-04 18:57:44 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-04 18:57:39 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-04 18:57:33 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-04 18:56:55 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-04 18:56:10 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-12 05:21:26 ----A---- C:\WINDOWS\system32\Xk0En8pufWcw6GS.vbs
2009-12-12 05:09:36 ----A---- C:\WINDOWS\system32\AscSQLite.dll
2009-12-12 05:09:36 ----A---- C:\WINDOWS\system32\AscConTest.dll
2009-12-12 05:09:36 ----A---- C:\WINDOWS\system32\ascbalon.dll
2009-12-09 11:37:18 ----A---- C:\WINDOWS\system32\B6.tmp
2009-12-09 11:37:16 ----A---- C:\WINDOWS\system32\B5.tmp
2009-12-08 12:10:03 ----A---- C:\WINDOWS\system32\17.tmp
2009-12-08 12:10:03 ----A---- C:\WINDOWS\system32\16.tmp
2009-12-01 19:48:21 ----A---- C:\WINDOWS\system32\SU97q.vbs
2009-12-01 17:54:40 ----A---- C:\WINDOWS\system32\36.tmp
2009-12-01 17:54:38 ----A---- C:\WINDOWS\system32\35.tmp
2009-11-25 17:21:02 ----HD---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 17:20:53 ----HD---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 11:10:49 ----A---- C:\WINDOWS\system32\s0Q1v.vbs
2009-11-23 17:26:18 ----D---- C:\WINDOWS\system32\4161385
2009-11-23 17:26:18 ----D---- C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\WinRAR
2009-11-23 17:23:46 ----D---- C:\Dokumente und Einstellungen\marlissa\Anwendungsdaten\Windows Live Writer
2009-11-23 17:04:01 ----A---- C:\WINDOWS\system32\J9R6b.vbs
2009-11-23 15:57:14 ----D---- C:\WINDOWS\SHELLNEW
2009-11-23 15:57:12 ----D---- C:\Programme\Gemeinsame Dateien\DESIGNER
2009-11-23 15:57:11 ----D---- C:\Programme\Microsoft.NET
2009-11-23 15:56:18 ----RHD---- C:\MSOCache
2009-11-22 13:58:42 ----D---- C:\Programme\G & G Soft
2009-11-22 13:58:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G & G Soft
2009-11-21 12:37:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion(3)
2009-11-21 12:37:23 ----D---- C:\Programme\FunWebProducts(3)
2009-11-21 12:37:22 ----D---- C:\Programme\MyWebSearch(3)
2009-11-20 17:59:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2009-11-20 17:20:30 ----A---- C:\WINDOWS\system32\3qxtDWFnI28R5.vbs
2009-11-20 11:55:46 ----A---- C:\WINDOWS\system32\8LfOyFr.vbs

======List of files/folders modified in the last 3 months======

2010-02-19 16:03:20 ----N---- C:\WINDOWS\system32\eRLog.ini
2010-02-19 16:00:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-26 00:09:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-21 17:12:54 ----A---- C:\WINDOWS\win.ini
2009-12-17 08:57:56 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-09 11:23:48 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-12-09 11:23:48 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-11-25 18:00:54 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Voice Modem with SmartCP.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Programme\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-07-05 17119]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-08-24 8552]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Programme\Acer\eRecovery\int15.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-07 1050140]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-08-24 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
R3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20081031.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-08 185824]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys []
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-05-16 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-05-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-19 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
S3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20080109.006\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20080109.006\NavEx15.Sys []
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2003-04-04 30336]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SAVRT;SAVRT; \??\C:\Programme\Norton AntiVirus\SAVRT.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2005-06-06 1273344]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ccEvtMgr;Symantec Event Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe [2007-02-21 198248]
R2 ccSetMgr;Symantec Settings Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe [2007-02-21 181864]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-08-11 249954]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-08-11 114772]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-08-11 61440]
R2 EvtEng;EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-26 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe [2005-01-10 46704]
R2 RegSrvc;RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 SeaPort;SeaPort; C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe [2005-07-19 67184]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe [2007-02-21 79464]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 navapsvc;Norton AntiVirus Auto-Protect-Dienst; C:\Programme\Norton AntiVirus\navapsvc.exe [2005-07-19 177264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2003-04-04 77824]
S3 SAVScan;SAVScan; C:\Programme\Norton AntiVirus\SAVScan.exe [2004-12-10 198368]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
         

 

  11. Internet Explorer läuft im Hintergrung obwohl ich ihn garnicht geöffnet habe
    Log-Analyse und Auswertung - 14.12.2009 (1)
  12. internet seit tagen zu langsam oder garnicht 'ansprechbar'
    Log-Analyse und Auswertung - 10.03.2009 (1)
  13. Computer läuft plötzlich langsam
    Mülltonne - 03.11.2008 (0)
  14. Computer läuft vermutlich durch Viren langsam
    Plagegeister aller Art und deren Bekämpfung - 27.07.2007 (27)
  15. Internet läuft nicht oder langsam.
    Netzwerk und Hardware - 13.06.2007 (2)
  16. Computer läuft ziemlich langsam!!
    Log-Analyse und Auswertung - 10.07.2006 (1)
  17. Computer läuft ziemlich langsam! -> Log
    Log-Analyse und Auswertung - 16.10.2005 (1)

Zum Thema Computer läuft zu langsam oder garnicht - -explorer braucht ewig um aufzugehen -computer arbeitet zu langsam -habe keine Ahnung von Computer weiss nur wie er an und aus geht.Bei Anleitungen bitte genaue Anweisungen malwarebytes Code: Alles auswählen - Computer läuft zu langsam oder garnicht...
Archiv
Du betrachtest: Computer läuft zu langsam oder garnicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.