Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Svchost beendet,Windowsdienste Fehler!

Svchost beendet,Windowsdienste Fehler!


Log-Analyse und Auswertung: Svchost beendet,Windowsdienste Fehler!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.08.2010, 12:16   #1
SugarAngel
 
Svchost beendet,Windowsdienste Fehler! - Standard

Svchost beendet,Windowsdienste Fehler!


Hallo,

seit 3 Tagen zeigt mein PC immer wieder ein Problem mit dem Hostprozess von Windows Diensten an ( svchost.exe )
Auch wurde vom Taskmanager zwei Sachen beendet u.a svchost (ist auch nach wie vor nicht mehr im Taskmanager zu finden,desweiteren ging ein Fenster auf in dem Stand das ich versuche eine E-Mail zu senden,dies jedoch nicht eingerichtet wäre,ich habe garnichts versucht zu schicken.
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:39, on 12.08.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\kikin\KikinBroker.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\*****\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [T-Home Dialerschutz-Software] "C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - hxxp://www6.king.com/ctl/kingcomie.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - hxxp://games.bigfishgames.com/de_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFD832B0-5D0A-4A31-BB56-1CB8A9AF36E2} (CPlayFirstdreamControl Object) - hxxp://games.bigfishgames.com/de_dream-chronicles/online/dream.1.0.0.17_de.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:   
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: T-Home Dialerschutz Dienst (DFSVC) - T-Systems International GmbH - C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7992 bytes
Ich hoffe ihr könnt mir helfen

Alt 12.08.2010, 12:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Svchost beendet,Windowsdienste Fehler! - Standard

Svchost beendet,Windowsdienste Fehler!


Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 12.08.2010, 12:42   #3
SugarAngel
 
Svchost beendet,Windowsdienste Fehler! - Standard

Svchost beendet,Windowsdienste Fehler!


Hier nun die Logfiles

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4420

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.08.2010 12:52:30
mbam-log-2010-08-12 (12-52-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 236075
Laufzeit: 1 Stunde(n), 29 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msn (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Conny\AppData\Local\Temp\NS9A73.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\Conny\AppData\Local\Temp\NSAA86.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\Conny\Win 7 Aktivatoren\Win 7 x86.x64 OEM Activation-WiiX\oem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Conny\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
Code:
ATTFilter
OTL logfile created on: 12.08.2010 13:26:15 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Conny\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 564,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,18 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CONNY-PC
Current User Name: Conny
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Conny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
PRC - C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
PRC - C:\Program Files\kikin\KikinBroker.exe (kikin)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe (T-Systems International GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Conny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\T-Home\Dialerschutz-Software\df.dll (T-Systems International GmbH)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30128_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (DFSVC) -- C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe (T-Systems International GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\Sandra.sys File not found
DRV - (cpuz132) -- C:\Users\Conny\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH)
DRV - (DFSYS) -- C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS (T-Systems International GmbH)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ATIAVPCI) -- C:\Windows\System32\drivers\atinavrr.sys (ATI Technologies Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (ati2mtag) -- C:\Windows\System32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 7A 86 51 86 93 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.t-online.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://torrentreactor.wyzostart.com/?cfg=2-156-0-1Ecch"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.31 09:01:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.15 20:35:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.11 16:46:51 | 000,000,000 | ---D | M]
 
[2010.04.15 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions
[2010.01.12 16:59:36 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.08.04 21:44:02 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\mozilla\Firefox\Profiles\volb2ana.default\extensions
[2010.08.04 21:45:38 | 000,000,000 | ---D | M] (kikin plugin (JDownloader Edition)) -- C:\Users\Conny\AppData\Roaming\mozilla\Firefox\Profiles\volb2ana.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.07.25 19:43:35 | 000,002,059 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\Mozilla\FireFox\Profiles\volb2ana.default\searchplugins\daemon-search.xml
[2010.08.11 16:46:54 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.08.11 16:46:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (no name) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\Windows\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} hxxp://www6.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} hxxp://games.bigfishgames.com/de_big-city-adventure-sydney-australia/online/JBGamePlayer.cab (Jolly Bear Games Player)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DFD832B0-5D0A-4A31-BB56-1CB8A9AF36E2} hxxp://games.bigfishgames.com/de_dream-chronicles/online/dream.1.0.0.17_de.cab (CPlayFirstdreamControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\Windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{365adbba-982b-11df-8da3-0030055a8edf}\Shell - "" = AutoRun
O33 - MountPoints2\{365adbba-982b-11df-8da3-0030055a8edf}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4d014006-98c4-11df-b394-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4d014006-98c4-11df-b394-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{a2e15aca-ff77-11de-b4ed-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e15aca-ff77-11de-b4ed-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{c6d51a5c-06a8-11df-b24b-0030842a0971}\Shell - "" = AutoRun
O33 - MountPoints2\{c6d51a5c-06a8-11df-b24b-0030842a0971}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.12 13:24:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe
[2010.08.12 13:04:08 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Conny\Desktop\HiJackThis.exe
[2010.08.12 10:10:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.12 10:10:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.12 10:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.12 10:09:53 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Conny\Desktop\mbam146-setup.exe
[2010.08.12 00:08:56 | 008,195,079 | ---- | C] (McAfee Inc.) -- C:\Users\Conny\Desktop\stinger1001886.exe
[2010.08.11 16:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.08.11 16:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.11 16:46:51 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.08.11 16:46:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.11 16:46:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.11 16:46:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.11 15:53:59 | 000,000,000 | ---D | C] -- C:\Users\Conny\Desktop\Vamp_Melina
[2010.08.11 14:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.11 12:14:37 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 12:10:25 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.11 12:10:25 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 12:10:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 12:08:11 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 12:08:10 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 12:06:22 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 12:06:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 12:06:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 12:06:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 12:06:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 12:06:20 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 12:06:20 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 12:06:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.10 21:45:23 | 000,468,533 | ---- | C] (http:\\cep.modthesims2.com                                  ) -- C:\Users\Conny\Desktop\ColourOptionsSetup_6.0_Setup.nolink.exe
[2010.08.06 23:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bullfrog
[2010.08.06 23:56:24 | 000,306,688 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2010.08.06 23:55:13 | 000,305,152 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.08.06 17:50:35 | 000,000,000 | ---D | C] -- C:\Users\Conny\Desktop\Theme.Park.World.Crack-NoCD.+ patch
[2010.08.06 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Local\Radical Software Ltd
[2010.08.05 17:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010.08.05 12:50:21 | 000,000,000 | ---D | C] -- C:\Users\Conny\Documents\SimCity Societies
[2010.08.05 12:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SimCity Societies
[2010.08.04 21:44:02 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Roaming\kikin
[2010.08.04 21:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\kikin
[2010.08.04 21:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010.08.03 23:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2010.07.26 22:40:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2010.07.26 22:40:10 | 000,000,000 | ---D | C] -- C:\Users\Conny\Documents\EA Games
[2010.07.26 20:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2010.07.26 20:11:14 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Roaming\DAEMON Tools Pro
[2010.07.26 20:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010.07.26 19:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2010.07.26 17:00:37 | 000,000,000 | ---D | C] -- C:\Users\Conny\Documents\Alcohol 120%
[2010.07.26 16:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Franzis
[2010.07.26 15:17:20 | 000,098,304 | ---- | C] (Hewlett-Packard Company) -- C:\Users\Conny\Stick Retter.exe
[2010.07.25 23:08:23 | 000,059,904 | ---- | C] (MB-Soft) -- C:\Users\Conny\Desktop\Pr0t.St0p v1.1.exe
[2010.07.25 22:49:38 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.25 19:17:02 | 000,000,000 | ---D | C] -- C:\Users\Conny\Documents\Alcohol 52%
[2010.07.25 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010.07.25 13:50:03 | 000,442,368 | R--- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010.07.24 00:06:10 | 000,000,000 | ---D | C] -- C:\Users\Conny\Desktop\Neuer Ordner
[2010.07.23 22:51:45 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Roaming\PandoraRecovery
[2010.07.23 22:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2010.07.19 18:01:56 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010.07.16 17:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2010.07.16 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\Conny\Desktop\a-bal2de
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.12 13:28:42 | 002,621,440 | -HS- | M] () -- C:\Users\Conny\NTUSER.DAT
[2010.08.12 13:24:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe
[2010.08.12 13:04:11 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Conny\Desktop\HiJackThis.exe
[2010.08.12 12:59:35 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 12:59:35 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 12:54:20 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\ikvknzqhca.job
[2010.08.12 12:54:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.12 12:54:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.12 12:53:56 | 804,560,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 12:52:52 | 001,143,846 | -H-- | M] () -- C:\Users\Conny\AppData\Local\IconCache.db
[2010.08.12 10:10:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 10:10:07 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Conny\Desktop\mbam146-setup.exe
[2010.08.12 00:09:26 | 008,195,079 | ---- | M] (McAfee Inc.) -- C:\Users\Conny\Desktop\stinger1001886.exe
[2010.08.11 22:18:33 | 000,000,004 | ---- | M] () -- C:\Users\Conny\proxy_port
[2010.08.11 16:55:57 | 000,267,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.11 13:14:13 | 000,173,056 | RHS- | M] () -- C:\Windows\System32\appinfoi.dll
[2010.08.10 21:45:37 | 000,468,533 | ---- | M] (http:\\cep.modthesims2.com                                  ) -- C:\Users\Conny\Desktop\ColourOptionsSetup_6.0_Setup.nolink.exe
[2010.08.06 17:28:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.08.05 17:46:39 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.08.01 15:36:16 | 000,084,611 | ---- | M] () -- C:\Users\Conny\Desktop\Besuch_in_Cux.jpg
[2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.07.26 22:54:40 | 000,000,736 | ---- | M] () -- C:\Users\Conny\Desktop\Sims2_1.mds
[2010.07.26 22:54:38 | 682,057,728 | ---- | M] () -- C:\Users\Conny\Desktop\Sims2_1.mdf
[2010.07.26 21:46:26 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2010.07.26 20:08:02 | 000,036,970 | ---- | M] () -- C:\YASU_1.6_9040.zip
[2010.07.26 19:40:12 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims 2.lnk
[2010.07.26 16:47:01 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.07.26 15:53:15 | 000,000,226 | ---- | M] () -- C:\Users\Conny\Documents\ax_files.xml
[2010.07.26 15:17:36 | 000,098,304 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Conny\Stick Retter.exe
[2010.07.26 15:04:40 | 000,000,017 | ---- | M] () -- C:\Users\Conny\AppData\Local\resmon.resmoncfg
[2010.07.26 14:56:16 | 001,611,160 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.26 14:56:16 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.26 14:56:16 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.26 14:56:16 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.26 14:56:16 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.25 22:49:38 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.25 15:46:54 | 000,697,328 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.07.23 22:51:19 | 003,267,488 | ---- | M] () -- C:\Users\Conny\Desktop\PandoraRecovery.exe
[2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.12 10:10:30 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 22:18:33 | 000,000,004 | ---- | C] () -- C:\Users\Conny\proxy_port
[2010.08.11 13:14:14 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\ikvknzqhca.job
[2010.08.11 13:14:13 | 000,173,056 | RHS- | C] () -- C:\Windows\System32\appinfoi.dll
[2010.08.06 17:28:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.05 17:46:35 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.08.01 15:36:38 | 000,084,611 | ---- | C] () -- C:\Users\Conny\Desktop\Besuch_in_Cux.jpg
[2010.07.26 22:43:24 | 682,057,728 | ---- | C] () -- C:\Users\Conny\Desktop\Sims2_1.mdf
[2010.07.26 22:43:23 | 000,000,736 | ---- | C] () -- C:\Users\Conny\Desktop\Sims2_1.mds
[2010.07.26 20:11:45 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2010.07.26 19:55:11 | 000,043,520 | ---- | C] () -- C:\Users\Conny\Desktop\YASU.exe
[2010.07.26 19:52:00 | 000,036,970 | ---- | C] () -- C:\YASU_1.6_9040.zip
[2010.07.26 19:40:12 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2.lnk
[2010.07.26 16:47:01 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.07.26 15:04:40 | 000,000,017 | ---- | C] () -- C:\Users\Conny\AppData\Local\resmon.resmoncfg
[2010.07.25 19:49:18 | 000,000,226 | ---- | C] () -- C:\Users\Conny\Documents\ax_files.xml
[2010.07.23 22:50:49 | 003,267,488 | ---- | C] () -- C:\Users\Conny\Desktop\PandoraRecovery.exe
[2010.07.12 19:44:38 | 000,000,046 | ---- | C] () -- C:\Windows\QTW.INI
[2010.04.13 14:07:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.03.29 10:39:53 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.01.21 18:17:48 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\Windows\sysgtime.dll
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\Windows\System32\proclsvr.drv
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FDA8D6AE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3D36932D
< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 12.08.2010 13:26:15 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Conny\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 564,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,18 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CONNY-PC
Current User Name: Conny
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = WyzoHTML] -- C:\Program Files\Wyzo\wyzo.exe File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{33cc8e60-d6db-45be-9276-b6698187688a}" = F2100
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AB06254A-9A28-F8AD-236E-FB5C3108FE85}" = ATI Catalyst Install Manager
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{B8742BE5-6238-3EC0-A9B9-CD562E054A54}" = Microsoft .NET Framework 4 Client Profile
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0AD8FC1-1860-33CA-9CFE-5962B91DDDEB}" = Microsoft .NET Framework 4 Extended
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.7.0
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"JDownloader" = JDownloader
"kikin Plugin (JDownloader Edition)" = kikin Plugin (JDownloader Edition) 1.11
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PandoraRecovery" = PandoraRecovery (Remove Only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"SystemRequirementsLab" = System Requirements Lab
"Theme Park World" = Theme Park World
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2010 10:12:16 | Computer Name = *****-PC | Source = Avira Firewall | ID = 0
Description = 
 
Error - 11.08.2010 10:12:16 | Computer Name = *****-PC | Source = Avira Firewall | ID = 0
Description = 
 
Error - 11.08.2010 10:12:48 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 11.08.2010 10:13:30 | Computer Name = *****-PC | Source = Avira Firewall | ID = 0
Description = 
 
Error - 11.08.2010 10:13:30 | Computer Name = *****-PC | Source = Avira Firewall | ID = 0
Description = 
 
Error - 11.08.2010 10:17:59 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4c07d2b2  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00061bdf  ID des fehlerhaften
 Prozesses: 0x9c04  Startzeit der fehlerhaften Anwendung: 0x01cb395ffe25d555  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3dd64201-a553-11df-9e3a-0030055a8edf
 
Error - 11.08.2010 10:45:01 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 11.08.2010 10:46:01 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 11.08.2010 10:56:06 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 11.08.2010 11:09:17 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ System Events ]
Error - 12.08.2010 06:39:22 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:40:52 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:42:22 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:43:52 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:45:22 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:46:53 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:48:23 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:49:53 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:51:23 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.08.2010 06:52:53 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
__________________
Alt 12.08.2010, 12:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Svchost beendet,Windowsdienste Fehler! - Standard

Svchost beendet,Windowsdienste Fehler!


Zitat:
C:\Users\Conny\Win 7 Aktivatoren\Win 7 x86.x64 OEM Activation-WiiX\oem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Besorg Dir eine legale Windows-Version. Dann geht es für Dich hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Svchost beendet,Windowsdienste Fehler!
adobe, bandoo, bho, desktop, download, e-mail, explorer, fehler, hijack, hijackthis, hkus\s-1-5-18, hostprozess, hotkey, icq, internet, internet explorer, logfile, malwarebytes, microsoft, plug-in, problem, prozess, senden, svchost, svchost.exe, system, taskmanager, windows


« R3 - URLSearchHook: (no name) - - (no file) schädlich? | Aktive Prozesse verbrauchen zu viel CPU, CPU-Auslastung bei 100% »


Ähnliche Themen: Svchost beendet,Windowsdienste Fehler!


  1. Fehler im Hostprozess BEX-svchost.exe // Verschiedenste Fehlermeldungen
    Log-Analyse und Auswertung - 13.04.2011 (3)
  2. Probleme mit windowsupdat(e), Hostprozess für Windowsdienste wurde beendet etc...
    Antiviren-, Firewall- und andere Schutzprogramme - 13.03.2011 (18)
  3. svchost.exe beendet - pc fährt nicht mehr hoch
    Plagegeister aller Art und deren Bekämpfung - 12.09.2010 (19)
  4. Svchost.exe beendet und jetzt fährt PC nicht mehr hoch
    Alles rund um Windows - 14.12.2009 (0)
  5. svchost.exe Fehler in der Anwendung
    Log-Analyse und Auswertung - 25.07.2009 (3)
  6. Diverse Trojaner und svchost fehler
    Log-Analyse und Auswertung - 12.06.2009 (2)
  7. svchost fehler
    Log-Analyse und Auswertung - 05.03.2009 (17)
  8. Explorer.exeverursacht einen Fehler und muss beendet werden
    Log-Analyse und Auswertung - 16.09.2008 (1)
  9. svchost.exe - fehler in anwendung
    Mülltonne - 07.08.2008 (0)
  10. svchost.exe -fehler in Anwendung
    Log-Analyse und Auswertung - 25.08.2007 (1)
  11. svchost.exe - Fehler
    Log-Analyse und Auswertung - 17.08.2006 (20)
  12. "Das Programm hat einen Fehler festgestellt und muss beendet werden..."
    Log-Analyse und Auswertung - 07.02.2006 (7)
  13. häufige svchost.exe fehler
    Alles rund um Windows - 02.08.2005 (5)
  14. häufige svchost.exe fehler
    Alles rund um Windows - 31.07.2005 (5)
  15. Fehler in svchost.exe --> totalcrash
    Alles rund um Windows - 02.03.2005 (2)
  16. svchost.exe verursacht fehler! Wurm??
    Plagegeister aller Art und deren Bekämpfung - 02.04.2004 (6)
  17. svchost.exe Fehler
    Plagegeister aller Art und deren Bekämpfung - 06.01.2004 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Svchost beendet,Windowsdienste Fehler! - Hallo, seit 3 Tagen zeigt mein PC immer wieder ein Problem mit dem Hostprozess von Windows Diensten an ( svchost.exe ) Auch wurde vom Taskmanager zwei Sachen beendet u.a svchost - Svchost beendet,Windowsdienste Fehler!...
Archiv
Du betrachtest: Svchost beendet,Windowsdienste Fehler! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55