Knacken, Rauschen, Zerren bei Audiowiedergabe

chak · 18.11.2010, 22:13

Hallo zusammen,

bereits nachdem Hochfahren von Windows 7 hört man bei der Startmelodie das Knacken und zerren.
Ich benutze meinen Samsung R530 notebook eigentlich nur zum surfen, schreiben (Office) und zum Musik hören.
Wenn ich Musik über itunes oder winamp höre, nimmt seit einiger Zeit ein Knacken/Rauschen und ein Verzerren beim abspielen der Musik zu.
Dies tritt verstärkt ein, wenn ich z.B. ein anderes Programm öffne wie Word , Firefox etc.
Aber selbst wenn ich sonst nichts mache, hört man wähend jedem Lied ein paar Mal diese Störungen.

Ich poste jetz mal die Ergebnisse der Logs von HJT, Antimalware, und OTL

HJT:

Zitat:

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\starter4g.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Users\elle\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStart Menu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [starter4g] C:\windows\starter4g.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\XSManager\WTGService.exe
O23 - Service: XS Stick Service - 4G Systems GmbH & Co. KG - C:\windows\service4g.exe

--
End of file - 8967 bytes

Antimalware (hier habe ich das Objekt HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) vom Anbieter Broken.OpenCommand bereits entfernt.

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5147

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

18.11.2010 21:32:01
mbam-log-2010-11-18 (21-32-01).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143782
Laufzeit: 7 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11/18/2010 9:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\elle\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.94 Gb Total Space | 25.45 Gb Free Space | 49.96% Space Free | Partition Type: NTFS
Drive D: | 232.05 Gb Total Space | 132.33 Gb Free Space | 57.03% Space Free | Partition Type: NTFS
 
Computer Name: ELLE-PC | User Name: elle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\elle\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\XSManager\WTGService.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\elle\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\windows\System32\drivers\StarOpen.sys ()
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 10:03:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 16:57:19 | 000,000,000 | ---D | M]
 
[2010/04/15 20:09:05 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\mozilla\Extensions
[2010/11/18 11:24:56 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\mozilla\Firefox\Profiles\umph23a9.default\extensions
[2010/11/03 10:58:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\elle\AppData\Roaming\mozilla\Firefox\Profiles\umph23a9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/25 16:38:52 | 000,002,101 | ---- | M] () -- C:\Users\elle\AppData\Roaming\Mozilla\FireFox\Profiles\umph23a9.default\searchplugins\googlede.xml
[2010/11/02 10:28:54 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/27 11:11:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 10:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/09/11 00:17:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/09/11 00:17:34 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/09/11 00:17:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/09/11 00:17:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/09/11 00:17:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.208.255.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cd322906-492e-11df-857c-00245467d71d}\Shell - "" = AutoRun
O33 - MountPoints2\{cd322906-492e-11df-857c-00245467d71d}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/18 21:17:00 | 000,000,000 | ---D | C] -- C:\Users\elle\AppData\Roaming\Malwarebytes
[2010/11/18 21:16:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/11/18 21:16:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/11/18 21:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 21:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/18 20:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/18 19:46:00 | 000,000,000 | ---D | C] -- C:\windows\pss
[2010/11/18 13:49:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/02 10:28:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/11/02 10:28:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/11/02 10:28:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/10/27 10:11:37 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CPFilters.dll
[2010/10/27 10:11:37 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2010/10/27 10:11:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2010/10/27 10:11:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mpg2splt.ax
[2010/10/27 10:11:32 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2010/10/23 22:24:48 | 000,000,000 | ---D | C] -- C:\Users\elle\AppData\Local\PokerStars
[2010/10/23 22:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2010/10/23 22:08:39 | 000,000,000 | ---D | C] -- C:\Users\elle\AppData\Local\PokerStars.NET
[2010/10/23 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2 C:\Users\elle\*.tmp files -> C:\Users\elle\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/18 21:40:57 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/18 21:40:57 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/18 21:38:57 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/11/18 21:38:57 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/11/18 21:38:57 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/11/18 21:38:57 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/11/18 21:33:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/18 21:33:21 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 13:01:46 | 000,122,620 | ---- | M] () -- C:\Users\elle\Documents\baf_g_formblatt.pdf
[2010/11/15 13:00:32 | 000,010,069 | ---- | M] () -- C:\Users\elle\Documents\kein_baf_g.pdf
[2010/11/15 12:51:46 | 000,022,729 | ---- | M] () -- C:\Users\elle\Documents\ba_anmeldung_msk_neu.pdf
[2010/11/15 12:37:53 | 000,051,200 | ---- | M] () -- C:\Users\elle\Desktop\Elvis_Husagic_BA_Arbeit_Is Another Deepwater Disaster Inevitable.doc
[2010/11/12 03:19:45 | 000,079,221 | ---- | M] () -- C:\Users\elle\Desktop\us.docx
[2010/11/03 10:59:43 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010/11/03 10:59:43 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2010/11/02 11:38:51 | 000,349,451 | ---- | M] () -- C:\Users\elle\Documents\semester_fhkoeln_wi_2010.pdf
[2010/10/27 13:01:58 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/10/23 22:36:22 | 000,083,754 | ---- | M] () -- C:\Users\elle\Desktop\chatting.jpg
[2010/10/23 22:24:46 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2 C:\Users\elle\*.tmp files -> C:\Users\elle\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/11/15 13:01:39 | 000,122,620 | ---- | C] () -- C:\Users\elle\Documents\baf_g_formblatt.pdf
[2010/11/15 13:00:26 | 000,010,069 | ---- | C] () -- C:\Users\elle\Documents\kein_baf_g.pdf
[2010/11/15 12:51:44 | 000,022,729 | ---- | C] () -- C:\Users\elle\Documents\ba_anmeldung_msk_neu.pdf
[2010/11/15 12:37:52 | 000,051,200 | ---- | C] () -- C:\Users\elle\Desktop\Elvis_Husagic_BA_Arbeit_Is Another Deepwater Disaster Inevitable.doc
[2010/11/10 18:31:24 | 000,079,221 | ---- | C] () -- C:\Users\elle\Desktop\us.docx
[2010/11/02 11:38:51 | 000,349,451 | ---- | C] () -- C:\Users\elle\Documents\semester_fhkoeln_wi_2010.pdf
[2010/10/27 13:01:58 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/10/23 22:36:22 | 000,083,754 | ---- | C] () -- C:\Users\elle\Desktop\chatting.jpg
[2010/10/23 22:24:46 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/09/15 22:02:22 | 000,007,168 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2010/04/22 13:00:04 | 000,000,412 | ---- | C] () -- C:\windows\MAXLINK.INI
[2010/04/16 22:44:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/15 18:08:09 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/04/15 17:52:07 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/02/16 06:42:32 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2009/12/05 01:03:10 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/12/05 01:02:05 | 000,000,110 | ---- | C] () -- C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
[2009/12/05 01:01:10 | 000,000,106 | ---- | C] () -- C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
[2009/12/05 00:58:43 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/12/05 00:57:40 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/12/05 00:57:13 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010/04/15 19:03:20 | 000,000,000 | -HSD | M] -- C:\Users\elle\AppData\Roaming\.#
[2010/09/15 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\Canneverbe Limited
[2010/05/13 21:07:21 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\Canon
[2010/04/15 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\GameConsole
[2010/09/25 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\MAGIX
[2010/04/19 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\Miranda
[2010/04/22 12:58:42 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\ScanSoft
[2010/04/16 09:09:05 | 000,000,000 | ---D | M] -- C:\Users\elle\AppData\Roaming\XSManager
[2010/10/12 09:03:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 11/18/2010 9:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\elle\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.94 Gb Total Space | 25.45 Gb Free Space | 49.96% Space Free | Partition Type: NTFS
Drive D: | 232.05 Gb Total Space | 132.33 Gb Free Space | 57.03% Space Free | Partition Type: NTFS
 
Computer Name: ELLE-PC | User Name: elle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7741E8EB-D6F5-4B40-99EC-DD4CF18101EB}" = Cisco Systems VPN Client 5.0.07.0240
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP140 series Benutzerregistrierung" = Canon MP140 series Benutzerregistrierung
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Drumaxx" = Drumaxx
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.26
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"PokerStars" = PokerStars
"Sakura" = Sakura
"Sawer" = Sawer
"Soulseek2" = SoulSeek 157 NS 13e
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11/8/2010 9:32:40 AM | Computer Name = elle-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 11/8/2010 9:35:07 AM | Computer Name = elle-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2. Ungültige XML-Syntax.
 
Error - 11/11/2010 2:04:44 PM | Computer Name = elle-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 11/11/2010 2:05:16 PM | Computer Name = elle-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 11/11/2010 2:08:00 PM | Computer Name = elle-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2. Ungültige XML-Syntax.
 
Error - 11/11/2010 10:19:38 PM | Computer Name = elle-PC | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 11/11/2010 10:19:38 PM | Computer Name = elle-PC | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 11/11/2010 10:19:38 PM | Computer Name = elle-PC | Source = Bonjour Service | ID = 100
Description = 192: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 11/11/2010 10:19:38 PM | Computer Name = elle-PC | Source = Bonjour Service | ID = 100
Description = 324: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 11/11/2010 10:19:38 PM | Computer Name = elle-PC | Source = Bonjour Service | ID = 100
Description = 368: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
[ System Events ]
Error - 7/29/2010 2:50:11 PM | Computer Name = elle-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
 
Error - 8/12/2010 8:30:18 AM | Computer Name = elle-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2010 um 01:53:25 unerwartet heruntergefahren.
 
Error - 8/12/2010 1:02:30 PM | Computer Name = elle-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2010 um 16:52:13 unerwartet heruntergefahren.
 
Error - 8/15/2010 4:59:30 PM | Computer Name = elle-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
 
Error - 8/17/2010 2:10:26 PM | Computer Name = elle-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
 
Error - 8/22/2010 8:15:29 AM | Computer Name = elle-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?08.?2010 um 14:13:41 unerwartet heruntergefahren.
 
Error - 8/27/2010 2:39:46 AM | Computer Name = elle-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
Error - 8/27/2010 2:40:24 AM | Computer Name = elle-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst iphlpsvc erreicht.
 
Error - 9/8/2010 1:31:19 PM | Computer Name = elle-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2010 um 18:32:24 unerwartet heruntergefahren.
 
Error - 9/8/2010 6:11:33 PM | Computer Name = elle-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2010 um 21:29:57 unerwartet heruntergefahren.
 
 
< End of report >

--- --- ---

Kann mir jemand bei meinem Problem helfen?
Danke für jede Hilfe schonmal im Voraus.

LG
chak

cosinus · 19.11.2010, 12:05

Hallo und

Zitat:

Internet Explorer 9.0.7930.16406

Wieso installierst du einen IE in der Testphase?!
Der IE9 ist noch nicht freigegeben und strotz noch so vor Fehlern!

Zitat:

18.11.2010 21:32:01
mbam-log-2010-11-18 (21-32-01).txt
Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

chak · 19.11.2010, 14:10

Danke für den Hinweis zum IE9. Das wusste ich nicht, aber ich benutze den IE eh so gut wie nie.

Ich poste jetz dann mal das Ergebnis vom Vollscan

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5147

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

19.11.2010 13:40:19
mbam-log-2010-11-19 (13-40-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 254854
Laufzeit: 59 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

LG
chak

cosinus · 19.11.2010, 20:19

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cd322906-492e-11df-857c-00245467d71d}\Shell - "" = AutoRun
O33 - MountPoints2\{cd322906-492e-11df-857c-00245467d71d}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
[2010/04/15 19:03:20 | 000,000,000 | -HSD | M] -- C:\Users\elle\AppData\Roaming\.#
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

chak · 19.11.2010, 23:20

Jo, hier ist die Logfile

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\starter4g deleted successfully.
C:\Windows\starter4g.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd322906-492e-11df-857c-00245467d71d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd322906-492e-11df-857c-00245467d71d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd322906-492e-11df-857c-00245467d71d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd322906-492e-11df-857c-00245467d71d}\ not found.
File F:\autorun.exe not found.
C:\Users\elle\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: elle
->Temp folder emptied: 312320 bytes
->Temporary Internet Files folder emptied: 2258098 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 95077957 bytes
->Flash cache emptied: 1371 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 775712 bytes
RecycleBin emptied: 176595 bytes

Total Files Cleaned = 94.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11192010_231602

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 20.11.2010, 00:54

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

chak · 20.11.2010, 02:38

Ich habe alle Anweisungen befolgt. Vielen Dank für deine Hilfe!
Aber welchen Beitrag meintest du, in den ich den Inhalt vom combofix.txt kopieren sollte? An meiner Taskleiste konnte ich sehen, dass irgendetwas geöffnet war, jedoch konnte ich nicht drauf klicken und es ansehen.

hier ist die Logfile
Combofix Logfile:

Code:

ATTFilter

ComboFix 10-11-19.01 - elle 20.11.2010   2:18.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3037.2173 [GMT 1:00]
ausgeführt von:: c:\users\elle\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg

.
(((((((((((((((((((((((   Dateien erstellt von 2010-10-20 bis 2010-11-20  ))))))))))))))))))))))))))))))
.

2010-11-19 22:16 . 2010-11-19 22:16	--------	d-----w-	C:\_OTL
2010-11-19 01:31 . 2010-11-20 01:02	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-11-19 01:31 . 2010-11-19 01:33	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-11-18 20:17 . 2010-11-18 20:17	--------	d-----w-	c:\users\elle\AppData\Roaming\Malwarebytes
2010-11-18 20:16 . 2010-04-29 11:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-18 20:16 . 2010-11-18 20:16	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-18 20:16 . 2010-04-29 11:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-18 20:16 . 2010-11-18 20:16	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-18 19:24 . 2010-11-18 19:24	--------	d-----w-	c:\program files\CCleaner
2010-10-27 09:11 . 2010-08-04 06:18	641536	----a-w-	c:\windows\system32\CPFilters.dll
2010-10-27 09:11 . 2010-08-04 06:17	417792	----a-w-	c:\windows\system32\msdri.dll
2010-10-27 09:11 . 2010-08-04 06:15	204288	----a-w-	c:\windows\system32\MSNP.ax
2010-10-27 09:11 . 2010-08-04 06:15	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2010-10-27 09:11 . 2010-07-13 05:22	26504	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2010-10-23 21:24 . 2010-10-24 00:07	--------	d-----w-	c:\users\elle\AppData\Local\PokerStars
2010-10-23 21:24 . 2010-10-23 21:24	--------	d-----w-	c:\program files\PokerStars

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 09:59 . 2010-04-15 23:07	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-03 09:59 . 2010-04-15 23:07	126856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-09-15 03:50 . 2010-08-27 10:11	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-02 07:05 . 2010-09-02 07:05	1247744	----a-w-	c:\windows\system32\drivers\athr.sys
2010-09-01 04:23 . 2010-10-14 10:28	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-14 10:27	2327552	----a-w-	c:\windows\system32\win32k.sys
2010-08-31 22:46 . 2010-09-15 23:09	1355264	----a-w-	c:\windows\system32\jscript9.dll
2010-08-31 22:44 . 2010-09-15 23:09	367104	----a-w-	c:\windows\system32\html.iec
2010-08-31 22:44 . 2010-09-15 23:09	1448448	----a-w-	c:\windows\system32\inetcpl.cpl
2010-08-31 22:44 . 2010-09-15 23:09	1122304	----a-w-	c:\windows\system32\wininet.dll
2010-08-31 22:44 . 2010-09-15 23:09	424960	----a-w-	c:\windows\system32\vbscript.dll
2010-08-31 22:43 . 2010-09-15 23:09	23552	----a-w-	c:\windows\system32\licmgr10.dll
2010-08-31 22:43 . 2010-09-15 23:09	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2010-08-31 22:43 . 2010-09-15 23:09	114176	----a-w-	c:\windows\system32\iesysprep.dll
2010-08-31 22:43 . 2010-09-15 23:09	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2010-08-31 22:43 . 2010-09-15 23:09	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2010-08-31 22:42 . 2010-09-15 23:09	51200	----a-w-	c:\windows\system32\admparse.dll
2010-08-31 22:42 . 2010-09-15 23:09	75264	----a-w-	c:\windows\system32\iesetup.dll
2010-08-31 22:42 . 2010-09-15 23:09	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2010-08-31 22:42 . 2010-09-15 23:09	150016	----a-w-	c:\windows\system32\iexpress.exe
2010-08-31 22:42 . 2010-09-15 23:09	149504	----a-w-	c:\windows\system32\wextract.exe
2010-08-31 22:42 . 2010-09-15 23:09	33280	----a-w-	c:\windows\system32\imgutil.dll
2010-08-31 22:42 . 2010-09-15 23:09	48640	----a-w-	c:\windows\system32\mshtmler.dll
2010-08-31 22:42 . 2010-09-15 23:09	11264	----a-w-	c:\windows\system32\mshta.exe
2010-08-31 22:42 . 2010-09-15 23:09	2381824	----a-w-	c:\windows\system32\mshtml.tlb
2010-08-31 22:42 . 2010-09-15 23:09	63488	----a-w-	c:\windows\system32\tdc.ocx
2010-08-31 22:41 . 2010-09-15 23:09	160768	----a-w-	c:\windows\system32\msls31.dll
2010-08-31 04:32 . 2010-10-14 10:28	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-14 10:28	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-14 10:27	168448	----a-w-	c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-14 10:27	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-14 10:27	308736	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-14 10:27	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-14 10:28	109056	----a-w-	c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-10 13834856]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^elle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\elle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-11-03 09:59	281768	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 11:59	103720	------w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 11:19	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02	79400	----a-w-	c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 14:54	50472	------w-	c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 14:52	91432	------w-	c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-19 13:16	222504	------w-	c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2009-09-25 312784]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2009-09-17 125200]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\elle\AppData\Roaming\Mozilla\Firefox\Profiles\umph23a9.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-20  02:26:56
ComboFix-quarantined-files.txt  2010-11-20 01:26

Vor Suchlauf: 7 Verzeichnis(se), 26.945.384.448 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 26.828.402.688 Bytes frei

- - End Of File - - 414CB57C10C78A6C2541FF7D4092540D

--- --- ---

cosinus · 20.11.2010, 02:42

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

chak · 20.11.2010, 12:50

Gmer

Zitat:

gmer 1.0.15.15530 - hxxp://www.gmer.net
rootkit quick scan 2010-11-20 12:25:12
windows 6.1.7600 harddisk0\dr0 -> \device\ide\iaastoragedevice-1 hitachi_ rev.pb3o
running: Poo3d180.exe; driver: C:\users\elle\appdata\local\temp\kxldapow.sys

---- devices - gmer 1.0.15 ----

attacheddevice \driver\kbdclass \device\keyboardclass0 wdf01000.sys (kernelmodustreiber-frameworklaufzeit/microsoft corporation)
attacheddevice \driver\kbdclass \device\keyboardclass1 wdf01000.sys (kernelmodustreiber-frameworklaufzeit/microsoft corporation)

---- eof - gmer 1.0.15 ----

osam
OSAM Logfile:

Code:

ATTFilter

report of osam: Autorun manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
saved at 12:44:52 on 20.11.2010

os: Windows 7 home premium edition (build 7600), 32-bit
default browser: Mozilla corporation firefox 3.6.12

scanner settings
[x] rootkits detection (hidden registry)
[x] rootkits detection (hidden files)
[x] retrieve files information
[x] check microsoft signatures

filters
[ ] trusted entries
[ ] empty entries
[x] hidden registry entries (rootkit activity)
[x] exclusively opened files
[x] not found files
[x] files without detailed information
[x] existing files
[ ] non-startable services
[ ] non-startable drivers
[x] active entries
[x] disabled entries


[control panel objects]
-----( %systemroot%\system32 )-----
"divxcontrolpanelapplet.cpl" - "divx, inc." - c:\windows\system32\divxcontrolpanelapplet.cpl
"nvcpl.cpl" - "nvidia corporation" - c:\windows\system32\nvcpl.cpl
-----( hklm\software\microsoft\windows\currentversion\control panel\cpls )-----
"mlcfg32.cpl" - "microsoft corporation" - c:\progra~1\micros~3\office12\mlcfg32.cpl
"quicktime" - "apple inc." - c:\program files\quicktime\qtsystem\quicktime.cpl

[drivers]
-----( hklm\system\currentcontrolset\services )-----
"avgntflt" (avgntflt) - "avira gmbh" - c:\windows\system32\drivers\avgntflt.sys
"avipbb" (avipbb) - "avira gmbh" - c:\windows\system32\drivers\avipbb.sys
"catchme" (catchme) - ? - c:\users\elle\appdata\local\temp\catchme.sys  (file not found)
"fssfltr" (fssfltr) - "microsoft corporation" - c:\windows\system32\drivers\fssfltr.sys
"kxldapow" (kxldapow) - ? - c:\users\elle\appdata\local\temp\kxldapow.sys  (hidden registry entry, rootkit activity | file not found)
"ssmdrv" (ssmdrv) - "avira gmbh" - c:\windows\system32\drivers\ssmdrv.sys
"staropen" (staropen) - ? - c:\windows\system32\drivers\staropen.sys  (file found, but it contains no detailed information)

[explorer]
-----( hklm\software\classes\folder\shellex\columnhandlers )-----
autorunsdisabled "autorunsdisabled" - ? -   (file not found | com-object registry key not found)
-----( hklm\software\classes\protocols\filter )-----
{807563e5-5146-11d5-a672-00b0d022e945} "microsoft office infopath xml mime filter" - "microsoft corporation" - c:\progra~1\common~1\micros~1\office12\msoxmlmf.dll
-----( hklm\software\classes\protocols\handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "hxprotocol class" - "microsoft corporation" - c:\program files\common files\microsoft shared\help\hxds.dll
{ffc8b962-9b40-4dff-9458-1830c7dd7f5d} "ieprotocolhandler class" - "skype technologies" - c:\progra~1\common~1\skype\skype4~1.dll
{828030a1-22c1-4009-854f-8e305202313f} "livecall" - "microsoft corporation" - c:\progra~1\wic4a1~1\messen~1\msgrap~1.dll
{88fed34c-f0ca-4636-a375-3cb6248b04cd} "local groove web services protocol" - "microsoft corporation" - c:\program files\microsoft office\office12\groovesystemservices.dll
{0a9007c0-4076-11d3-8789-0000f8105754} "microsoft infotech storage protocol for ie 4.0" - "microsoft corporation" - c:\program files\common files\microsoft shared\information retrieval\msitss.dll
{828030a1-22c1-4009-854f-8e305202313f} "msnim" - "microsoft corporation" - c:\progra~1\wic4a1~1\messen~1\msgrap~1.dll
{03c514a3-1efb-4856-9f99-10d7be1653c0} "windows live mail html asynchronous pluggable protocol handler" - "microsoft corporation" - c:\program files\windows live\mail\mailcomm.dll
-----( hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks )-----
{b5a7f190-dda6-4420-b3ba-52453494e6cd} "groove gfs stub execution hook" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{aeb6717e-7e19-11d0-97ee-00c04fd91972} "{aeb6717e-7e19-11d0-97ee-00c04fd91972}" - ? -   (file not found | com-object registry key not found)
-----( hklm\software\microsoft\windows\currentversion\shell extensions\approved )-----
{23170f69-40c1-278a-1000-000100020000} "7-zip shell extension" - "igor pavlov" - c:\program files\7-zip\7-zip.dll
{0563db41-f538-4b37-a92d-4659049b7766} "clsid_wlmcmimefilter" - "microsoft corporation" - c:\program files\windows live\mail\mailcomm.dll
{a70c977a-bf00-412c-90b7-034c51da2439} "desktopcontext class" - "nvidia corporation" - c:\windows\system32\nvcpl.dll
{d8d1ce8c-b1eb-4e95-b63b-1531ba60e992} "divx property handler" - "divx, inc." - c:\program files\divx\divx plus media foundation components\divxpropertyhandler.dll
{83238fae-d346-4e12-8734-d42f7554b3e6} "divx thumbnail provider" - "divx, inc." - c:\program files\divx\divx plus media foundation components\divxthumbnailprovider.dll
{99fd978c-d287-4f50-827f-b2c658eda8e7} "groove explorer icon overlay 1 (gfs unread stub)" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{ab5c5600-7e6e-4b06-9197-9ecef74d31cc} "groove explorer icon overlay 2 (gfs stub)" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{920e6db1-9907-4370-b3a0-bafc03d81399} "groove explorer icon overlay 2.5 (gfs unread folder)" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{16f3dd56-1af5-4347-846d-7c10c4192619} "groove explorer icon overlay 3 (gfs folder)" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{2916c86e-86a6-43fe-8112-43abe6bf8dcc} "groove explorer icon overlay 4 (gfs unread mark)" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{2a541ae1-5bf6-4665-a8a3-cfa9672e4291} "groove folder synchronization" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{72853161-30c5-4d22-b7f9-0bbc1d38a37e} "groove gfs browser helper" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{6c467336-8281-4e60-8204-430ced96822d} "groove gfs context menu handler" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{b5a7f190-dda6-4420-b3ba-52453494e6cd} "groove gfs stub execution hook" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{a449600e-1dc6-4232-b948-9bd794d62056} "groove gfs stub icon handler" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{387e725d-dc16-4d76-b310-2c93ed4752a0} "groove xml icon handler" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{b9e1d2cb-ccff-4aa6-9579-d7a4754030ef} "itunes" - "apple inc." - c:\program files\itunes\itunesminiplayer.dll
{42042206-2d85-11d3-8cff-005004838597} "microsoft office html icon handler" - "microsoft corporation" - c:\program files\microsoft office\office12\msohevi.dll
{993be281-6695-4ba5-8a2a-7aacbfaab69e} "microsoft office metadata handler" - "microsoft corporation" - c:\progra~1\common~1\micros~1\office12\msoshext.dll
{5858a72c-c2b4-4dd7-b2bf-b76db1bd9f6c} "microsoft office onenote namespace extension for windows desktop search" - "microsoft corporation" - c:\progra~1\micros~3\office12\onfilter.dll
{00020d75-0000-0000-c000-000000000046} "microsoft office outlook" - "microsoft corporation" - c:\progra~1\micros~3\office12\mlshext.dll
{c41662bb-1fa0-4ce0-8dc5-9b7f8279ff97} "microsoft office thumbnail handler" - "microsoft corporation" - c:\progra~1\common~1\micros~1\office12\msoshext.dll
{a929c4ce-fd36-4270-b4f5-34ecac5bd63c} "nvappshext class" - "nvidia corporation" - c:\windows\system32\nv3dappshext.dll
{3d1975af-48c6-4f8e-a182-be0e08fa86a9} "nvidia cpl context menu extension" - "nvidia corporation" - c:\windows\system32\nvshext.dll
{ffb699e0-306a-11d3-8bd1-00104b6f7516} "nvidia cpl extension" - "nvidia corporation" - c:\windows\system32\nvcpl.dll
{0006f045-0000-0000-c000-000000000046} "outlook file icon extension" - "microsoft corporation" - c:\progra~1\micros~3\office12\olkfstub.dll
{45ac2688-0253-4ed8-97de-b5370fa7d48a} "shell extension for malware scanning" - "avira gmbh" - c:\program files\avira\antivir desktop\shlext.dll
{2be99fd4-a181-4996-bfa9-58c5ffd11f6c} "windows live photo gallery autoplay drop target" - "microsoft corporation" - c:\program files\windows live\photo gallery\wlxphotogallery.exe
{00f30f64-ac33-42f5-8fd1-5dc2d3fde06c} "windows live photo gallery editor drop target" - "microsoft corporation" - c:\program files\windows live\photo gallery\wlxphotogallery.exe
{00f3712a-ca79-45b4-9e4d-d7891e7f8b9d} "windows live photo gallery editor shim" - "microsoft corporation" - c:\program files\windows live\photo gallery\photoviewershim.dll
{00f30f90-3e96-453b-afcd-d71989ecc2c7} "windows live photo gallery viewer autoplay shim" - "microsoft corporation" - c:\program files\windows live\photo gallery\photoviewershim.dll
{00f33137-ee26-412f-8d71-f84e4c2c6625} "windows live photo gallery viewer autoplay shim" - "microsoft corporation" - c:\program files\windows live\photo gallery\photoviewershim.dll
{00f374b7-b390-4884-b372-2fc349f2172b} "windows live photo gallery viewer drop target" - "microsoft corporation" - c:\program files\windows live\photo gallery\wlxphotogallery.exe
{00f346cb-35a4-465b-8b8f-65a29dbab1f6} "windows live photo gallery viewer shim" - "microsoft corporation" - c:\program files\windows live\photo gallery\photoviewershim.dll
{b41db860-8ee4-11d2-9906-e49fadc173ca} "winrar" - "alexander roshal" - c:\program files\winrar\rarext.dll
{06a2568a-ced6-4187-bb20-400b8c02be5a} "{06a2568a-ced6-4187-bb20-400b8c02be5a}" - "microsoft corporation" - c:\program files\windows live\photo gallery\wlxphotoacquirewizard.exe

[internet explorer]
-----( hkcu\software\microsoft\internet explorer\toolbar\webbrowser )-----
<binary data> "&windows live toolbar" - "microsoft corporation" - c:\program files\windows live\toolbar\wltcore.dll
itbar7height "itbar7height" - ? -   (file not found | com-object registry key not found)
<binary data> "itbar7layout" - ? -   (file not found | com-object registry key not found)
-----( hklm\software\microsoft\code store database\distribution units )-----
{8ad9c840-044e-11d1-b3e9-00805f499d93} "java plug-in 1.6.0_22" - "sun microsystems, inc." - c:\program files\java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{cafeefac-0016-0000-0022-abcdeffedcba} "java plug-in 1.6.0_22" - "sun microsystems, inc." - c:\program files\java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{cafeefac-ffff-ffff-ffff-abcdeffedcba} "java plug-in 1.6.0_22" - "sun microsystems, inc." - c:\program files\java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( hklm\software\microsoft\internet explorer\extensions )-----
{48e73304-e1d6-4330-914c-f5f514e3486c} "an onenote senden" - "microsoft corporation" - c:\progra~1\micros~3\office12\onbttnie.dll
{53707962-6f74-2d53-2644-206d7942484f} "clsidextension" - "safer networking limited" - c:\program files\spybot - search & destroy\sdhelper.dll
{5f7b1267-94a9-47f5-98db-e99415f33aec} "in blog veröffentlichen" - "microsoft corporation" - c:\program files\windows live\writer\writerbrowserextension.dll
"pokerstars" - "pokerstars" - c:\program files\pokerstars\pokerstarsupdate.exe
{ff059e31-cc5a-4e2e-bf3b-96e929d65503} "research" - "microsoft corporation" - c:\progra~1\micros~3\office12\refiebar.dll
-----( hklm\software\microsoft\internet explorer\toolbar )-----
<binary data> "&windows live toolbar" - "microsoft corporation" - c:\program files\windows live\toolbar\wltcore.dll
-----( hklm\software\microsoft\windows\currentversion\explorer\browser helper objects )-----
{18df081c-e8ad-4283-a596-fa578c2ebdc3} "adobe pdf link helper" - "adobe systems incorporated" - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
autorunsdisabled "autorunsdisabled" - ? -   (file not found | com-object registry key not found)
{72853161-30c5-4d22-b7f9-0bbc1d38a37e} "groove gfs browser helper" - "microsoft corporation" - c:\program files\microsoft office\office12\grooveshellextensions.dll
{dbc80044-a445-435b-bc74-9c25c1c588a9} "java(tm) plug-in 2 ssv helper" - "sun microsystems, inc." - c:\program files\java\jre6\bin\jp2ssv.dll
{6ebf7485-159f-4bff-a14f-b9e3aac4465b} "search helper" - "microsoft corp." - c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
{9030d464-4c02-4abf-8ecc-5164760863c6} "windows live id-anmelde-hilfsprogramm" - "microsoft corporation" - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
{e15a8dc0-8516-42a1-81ea-dc94ec1acf10} "windows live toolbar helper" - "microsoft corporation" - c:\program files\windows live\toolbar\wltcore.dll
{5c255c8a-e604-49b4-9d64-90988571cecb} "{5c255c8a-e604-49b4-9d64-90988571cecb}" - ? -   (file not found | com-object registry key not found)

[lsa providers]
-----( hklm\system\currentcontrolset\control\lsa )-----
"security packages" - "microsoft corporation" - c:\windows\system32\livessp.dll

[logon]
-----( %appdata%\microsoft\windows\start menu\programs\startup )-----
"desktop.ini" - ? - c:\users\elle\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini
-----( %allusersprofile%\microsoft\windows\start menu\programs\startup )-----
"desktop.ini" - ? - c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini
-----( hklm\system\currentcontrolset\control\terminal server\wds\rdpwd )-----
"startupprograms" - ? - rdpclip  (file not found)
-----( hklm\software\microsoft\windows\currentversion\run )-----
"avgnt" - "avira gmbh" - "c:\program files\avira\antivir desktop\avgnt.exe" /min
"groovemonitor" - "microsoft corporation" - "c:\program files\microsoft office\office12\groovemonitor.exe"
"ituneshelper" - "apple inc." - "c:\program files\itunes\ituneshelper.exe"
"nvcpldaemon" - "nvidia corporation" - rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
"ssbkgdupdate" - "nuance communications, inc." - "c:\program files\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe" -embedding -boot

[print monitors]
-----( hklm\system\currentcontrolset\control\print\monitors )-----
"send to microsoft onenote monitor" - "microsoft corporation" - c:\windows\system32\msonpmon.dll

[services]
-----( hklm\system\currentcontrolset\services )-----
"apple mobile device" (apple mobile device) - "apple inc." - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
"avira antivir guard" (antivirservice) - "avira gmbh" - c:\program files\avira\antivir desktop\avguard.exe
"avira antivir planer" (antivirschedulerservice) - "avira gmbh" - c:\program files\avira\antivir desktop\sched.exe
"cyberlink richvideo service(crvs)" (richvideo) - ? - c:\program files\cyberlink\shared files\richvideo.exe
"dienst "bonjour"" (bonjour service) - "apple inc." - c:\program files\bonjour\mdnsresponder.exe
"ipod-dienst" (ipod service) - "apple inc." - c:\program files\ipod\bin\ipodservice.exe
"microsoft .net framework ngen v4.0.30319_x86" (clr_optimization_v4.0.30319_32) - "microsoft corporation" - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
"microsoft office diagnostics service" (odserv) - "microsoft corporation" - c:\program files\common files\microsoft shared\office12\odserv.exe
"microsoft office groove audit service" (microsoft office groove audit service) - "microsoft corporation" - c:\program files\microsoft office\office12\grooveauditservice.exe
"nmsaccess" (nmsaccess) - ? - c:\program files\cdburnerxp\nmsaccessu.exe  (file found, but it contains no detailed information)
"nvidia display driver service" (nvsvc) - "nvidia corporation" - c:\windows\system32\nvvsvc.exe
"oberon media game console service" (oberongameconsoleservice) - ? - c:\program files\samsung casual games\gameconsole\oberongameconsoleservice.exe
"office source engine" (ose) - "microsoft corporation" - c:\program files\common files\microsoft shared\source engine\ose.exe
"sbsd security center service" (sbsdwscservice) - "safer networking ltd." - c:\program files\spybot - search & destroy\sdwinsec.exe
"seaport" (seaport) - "microsoft corp." - c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
"windows live family safety-dienst" (fsssvc) - "microsoft corporation" - c:\program files\windows live\family safety\fsssvc.exe
"windows live id sign-in assistant" (wlidsvc) - "microsoft corporation" - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
"wtgservice" (wtgservice) - ? - c:\program files\xsmanager\wtgservice.exe  (file found, but it contains no detailed information)
"xs stick service" (xs stick service) - "4g systems gmbh & co. Kg" - c:\windows\service4g.exe

[winsock providers]
-----( hklm\system\currentcontrolset\services\winsock2\parameters\namespace_catalog5\catalog_entries )-----
"mdnsnsp" - "apple inc." - c:\program files\bonjour\mdnsnsp.dll
"windowslive local nsp" - "microsoft corporation" - c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
"windowslive nsp" - "microsoft corporation" - c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

===[ logfile end ]=========================================[ logfile end ]===

--- --- ---

if you have questions or want to get some help, you can visit hxxp://forum.online-solutions.ru[/quote]

chak · 20.11.2010, 12:51

Mbrcheck

Zitat:

mbrcheck, version 1.2.3
(c) 2010, ad

command-line:
Windows version: Windows 7 home premium edition
windows information: (build 7600), 32-bit
base board manufacturer: Samsung electronics co., ltd.
Bios manufacturer: Phoenix technologies ltd.
System manufacturer: Samsung electronics co., ltd.
System product name: R530/r730
logical drives mask: 0x0000000c

kernel drivers (total 188):
0x83c05000 \systemroot\system32\ntoskrnl.exe
0x84005000 \systemroot\system32\halmacpi.dll
0x80baf000 \systemroot\system32\kdcom.dll
0x8c418000 \systemroot\system32\mcupdate_genuineintel.dll
0x8c490000 \systemroot\system32\pshed.dll
0x8c4a1000 \systemroot\system32\bootvid.dll
0x8c4a9000 \systemroot\system32\clfs.sys
0x8c4eb000 \systemroot\system32\ci.dll
0x8c596000 \systemroot\system32\drivers\wdf01000.sys
0x8c607000 \systemroot\system32\drivers\wdfldr.sys
0x8c615000 \systemroot\system32\drivers\acpi.sys
0x8c65d000 \systemroot\system32\drivers\wmilib.sys
0x8c666000 \systemroot\system32\drivers\msisadrv.sys
0x8c66e000 \systemroot\system32\drivers\pci.sys
0x8c698000 \systemroot\system32\drivers\vdrvroot.sys
0x8c6a3000 \systemroot\system32\drivers\partmgr.sys
0x8c6b4000 \systemroot\system32\drivers\compbatt.sys
0x8c6bc000 \systemroot\system32\drivers\battc.sys
0x8c6c7000 \systemroot\system32\drivers\volmgr.sys
0x8c6d7000 \systemroot\system32\drivers\volmgrx.sys
0x8c722000 \systemroot\system32\drivers\mountmgr.sys
0x8c825000 \systemroot\system32\drivers\iastor.sys
0x8c8ff000 \systemroot\system32\drivers\atapi.sys
0x8c908000 \systemroot\system32\drivers\ataport.sys
0x8c92b000 \systemroot\system32\drivers\msahci.sys
0x8c935000 \systemroot\system32\drivers\pciidex.sys
0x8c943000 \systemroot\system32\drivers\amdxata.sys
0x8c94c000 \systemroot\system32\drivers\fltmgr.sys
0x8c980000 \systemroot\system32\drivers\fileinfo.sys
0x8c991000 \systemroot\system32\drivers\ntfs.sys
0x8cac0000 \systemroot\system32\drivers\msrpc.sys
0x8caeb000 \systemroot\system32\drivers\ksecdd.sys
0x8cafe000 \systemroot\system32\drivers\cng.sys
0x8cb5b000 \systemroot\system32\drivers\pcw.sys
0x8cb69000 \systemroot\system32\drivers\fs_rec.sys
0x8c738000 \systemroot\system32\drivers\ndis.sys
0x8cb72000 \systemroot\system32\drivers\netio.sys
0x8cbb0000 \systemroot\system32\drivers\ksecpkg.sys
0x8cc0c000 \systemroot\system32\drivers\volsnap.sys
0x8cc4b000 \systemroot\system32\drivers\spldr.sys
0x8cc53000 \systemroot\system32\drivers\rdyboost.sys
0x8cc80000 \systemroot\system32\drivers\mup.sys
0x8cc90000 \systemroot\system32\drivers\hwpolicy.sys
0x8cc98000 \systemroot\system32\drivers\fvevol.sys
0x8ccca000 \systemroot\system32\drivers\disk.sys
0x8ccdb000 \systemroot\system32\drivers\classpnp.sys
0x8ce17000 \systemroot\system32\drivers\null.sys
0x8ce1e000 \systemroot\system32\drivers\beep.sys
0x8ce25000 \systemroot\system32\drivers\vga.sys
0x8ce31000 \systemroot\system32\drivers\videoprt.sys
0x8ce52000 \systemroot\system32\drivers\watchdog.sys
0x8ce5f000 \systemroot\system32\drivers\rdpcdd.sys
0x8ce67000 \systemroot\system32\drivers\rdpencdd.sys
0x8ce6f000 \systemroot\system32\drivers\rdprefmp.sys
0x8ce77000 \systemroot\system32\drivers\msfs.sys
0x8ce82000 \systemroot\system32\drivers\npfs.sys
0x8ce90000 \systemroot\system32\drivers\tcpip.sys
0x8f424000 \systemroot\system32\drivers\fwpkclnt.sys
0x8f455000 \systemroot\system32\drivers\tdx.sys
0x8f46c000 \systemroot\system32\drivers\tdi.sys
0x8f477000 \systemroot\system32\drivers\afd.sys
0x8f4d1000 \systemroot\system32\drivers\netbt.sys
0x8f503000 \systemroot\system32\drivers\wfplwf.sys
0x8f50a000 \systemroot\system32\drivers\pacer.sys
0x8f529000 \systemroot\system32\drivers\vwififlt.sys
0x8f53a000 \systemroot\system32\drivers\netbios.sys
0x8f548000 \systemroot\system32\drivers\wanarp.sys
0x8f55b000 \systemroot\system32\drivers\termdd.sys
0x8f56b000 \systemroot\system32\drivers\ssmdrv.sys
0x8f571000 \??\c:\windows\system32\drivers\sabi.sys
0x8f579000 \systemroot\system32\drivers\rdbss.sys
0x8f5ba000 \systemroot\system32\drivers\nsiproxy.sys
0x8f5c4000 \systemroot\system32\drivers\mssmbios.sys
0x8f5ce000 \systemroot\system32\drivers\discache.sys
0x8f5da000 \systemroot\system32\drivers\dfsc.sys
0x8f5f2000 \systemroot\system32\drivers\blbdrive.sys
0x8f600000 \systemroot\system32\drivers\avipbb.sys
0x8f623000 \systemroot\system32\drivers\tunnel.sys
0x95814000 \systemroot\system32\drivers\nvlddmkm.sys
0x9618d000 \systemroot\system32\drivers\nvbridge.kmd
0x9618f000 \systemroot\system32\drivers\dxgkrnl.sys
0x96246000 \systemroot\system32\drivers\dxgmms1.sys
0x9627f000 \systemroot\system32\drivers\hdaudbus.sys
0x9629e000 \systemroot\system32\drivers\usbuhci.sys
0x962a9000 \systemroot\system32\drivers\usbport.sys
0x962f4000 \systemroot\system32\drivers\usbehci.sys
0x8f644000 \systemroot\system32\drivers\athr.sys
0x96303000 \systemroot\system32\drivers\vwifibus.sys
0x9630d000 \systemroot\system32\drivers\yk62x86.sys
0x9635e000 \systemroot\system32\drivers\cmbatt.sys
0x96362000 \systemroot\system32\drivers\i8042prt.sys
0x9637a000 \systemroot\system32\drivers\kbdclass.sys
0x96387000 \systemroot\system32\drivers\syntp.sys
0x963c1000 \systemroot\system32\drivers\usbd.sys
0x963c3000 \systemroot\system32\drivers\mouclass.sys
0x963d0000 \systemroot\system32\drivers\intelppm.sys
0x963e2000 \systemroot\system32\drivers\compositebus.sys
0x8f778000 \systemroot\system32\drivers\dne2000.sys
0x95800000 \systemroot\system32\drivers\agilevpn.sys
0x8f797000 \systemroot\system32\drivers\rasl2tp.sys
0x963ef000 \systemroot\system32\drivers\ndistapi.sys
0x8f7af000 \systemroot\system32\drivers\ndiswan.sys
0x8f7d1000 \systemroot\system32\drivers\raspppoe.sys
0x8f7e9000 \systemroot\system32\drivers\raspptp.sys
0x8f400000 \systemroot\system32\drivers\rassstp.sys
0x963fa000 \systemroot\system32\drivers\swenum.sys
0x96801000 \systemroot\system32\drivers\ks.sys
0x96835000 \systemroot\system32\drivers\umbus.sys
0x96843000 \systemroot\system32\drivers\usbhub.sys
0x96887000 \systemroot\system32\drivers\ndproxy.sys
0x96898000 \systemroot\system32\drivers\nvhda32v.sys
0x968ab000 \systemroot\system32\drivers\portcls.sys
0x968da000 \systemroot\system32\drivers\drmk.sys
0x968f3000 \systemroot\system32\drivers\rtkvhda.sys
0x980c0000 \systemroot\system32\win32k.sys
0x96bc9000 \systemroot\system32\drivers\dxapi.sys
0x96bd3000 \systemroot\system32\drivers\crashdmp.sys
0x8cd00000 \systemroot\system32\drivers\dump_iastor.sys
0x96be0000 \systemroot\system32\drivers\dump_dumpfve.sys
0x8cdda000 \systemroot\system32\drivers\usbccgp.sys
0x96bf1000 \systemroot\system32\drivers\hidusb.sys
0x8cdf1000 \systemroot\system32\drivers\hidclass.sys
0x8f417000 \systemroot\system32\drivers\hidparse.sys
0x8ce04000 \systemroot\system32\drivers\mouhid.sys
0x8cfd9000 \systemroot\system32\drivers\monitor.sys
0x8cbd5000 \systemroot\system32\drivers\usbvideo.sys
0x98320000 \systemroot\system32\tsddd.dll
0x98350000 \systemroot\system32\cdd.dll
0x8cfe4000 \systemroot\system32\drivers\luafv.sys
0x8c800000 \systemroot\system32\drivers\avgntflt.sys
0x9003b000 \systemroot\system32\drivers\wudfpf.sys
0x90055000 \systemroot\system32\drivers\lltdio.sys
0x90065000 \systemroot\system32\drivers\nwifi.sys
0x900ab000 \systemroot\system32\drivers\ndisuio.sys
0x900bb000 \systemroot\system32\drivers\rspndr.sys
0x900ce000 \systemroot\system32\drivers\http.sys
0x90153000 \systemroot\system32\drivers\bowser.sys
0x9016c000 \systemroot\system32\drivers\mpsdrv.sys
0x9017e000 \systemroot\system32\drivers\mrxsmb.sys
0x901a1000 \systemroot\system32\drivers\mrxsmb10.sys
0x901dc000 \systemroot\system32\drivers\mrxsmb20.sys
0x9020f000 \systemroot\system32\drivers\peauth.sys
0x902a6000 \systemroot\system32\drivers\secdrv.sys
0x902b0000 \systemroot\system32\drivers\srvnet.sys
0x902d1000 \systemroot\system32\drivers\tcpipreg.sys
0x902de000 \systemroot\system32\drivers\srv2.sys
0x9032d000 \systemroot\system32\drivers\srv.sys
0x90000000 \??\c:\users\elle\appdata\local\temp\kxldapow.sys
0x77420000 \windows\system32\ntdll.dll
0x47600000 \windows\system32\smss.exe
0x77660000 \windows\system32\apisetschema.dll
0x001e0000 \windows\system32\autochk.exe
0x77640000 \windows\system32\lpk.dll
0x775b0000 \windows\system32\oleaut32.dll
0x773a0000 \windows\system32\comdlg32.dll
0x77590000 \windows\system32\imm32.dll
0x77340000 \windows\system32\difxapi.dll
0x77270000 \windows\system32\msctf.dll
0x771d0000 \windows\system32\advapi32.dll
0x770c0000 \windows\system32\urlmon.dll
0x77070000 \windows\system32\gdi32.dll
0x77580000 \windows\system32\psapi.dll
0x77560000 \windows\system32\sechost.dll
0x76fd0000 \windows\system32\usp10.dll
0x76f90000 \windows\system32\ws2_32.dll
0x76e70000 \windows\system32\wininet.dll
0x76de0000 \windows\system32\clbcatq.dll
0x76dd0000 \windows\system32\normaliz.dll
0x76bd0000 \windows\system32\iertutil.dll
0x76b20000 \windows\system32\msvcrt.dll
0x75ed0000 \windows\system32\shell32.dll
0x75e80000 \windows\system32\wldap32.dll
0x75ce0000 \windows\system32\setupapi.dll
0x75c10000 \windows\system32\user32.dll
0x75ab0000 \windows\system32\ole32.dll
0x759d0000 \windows\system32\kernel32.dll
0x759a0000 \windows\system32\imagehlp.dll
0x75940000 \windows\system32\shlwapi.dll
0x75890000 \windows\system32\rpcrt4.dll
0x75880000 \windows\system32\nsi.dll
0x75760000 \windows\system32\crypt32.dll
0x75730000 \windows\system32\xmllite.dll
0x756a0000 \windows\system32\comctl32.dll
0x75680000 \windows\system32\devobj.dll
0x75650000 \windows\system32\cfgmgr32.dll
0x75600000 \windows\system32\kernelbase.dll
0x755d0000 \windows\system32\wintrust.dll
0x755c0000 \windows\system32\msasn1.dll

processes (total 64):
0 system idle process
4 system
300 c:\windows\system32\smss.exe
444 csrss.exe
508 c:\windows\system32\wininit.exe
516 csrss.exe
564 c:\windows\system32\services.exe
580 c:\windows\system32\lsass.exe
588 c:\windows\system32\lsm.exe
692 c:\windows\system32\svchost.exe
776 c:\windows\system32\nvvsvc.exe
816 c:\windows\system32\svchost.exe
872 c:\windows\system32\svchost.exe
908 c:\windows\system32\svchost.exe
932 c:\windows\system32\svchost.exe
1044 c:\windows\system32\svchost.exe
1132 c:\windows\system32\svchost.exe
1236 c:\windows\system32\winlogon.exe
1384 c:\windows\system32\nvvsvc.exe
1408 c:\windows\system32\spoolsv.exe
1504 c:\program files\avira\antivir desktop\sched.exe
1540 c:\windows\system32\svchost.exe
1684 c:\program files\avira\antivir desktop\avguard.exe
1708 c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
1840 c:\windows\system32\taskeng.exe
1860 c:\program files\avira\antivir desktop\avshadow.exe
1868 c:\windows\system32\conhost.exe
1884 c:\windows\system32\dwm.exe
1904 c:\windows\system32\taskhost.exe
1920 c:\windows\explorer.exe
2040 c:\program files\samsung\samsung support center\ssckbdhk.exe
276 c:\program files\samsung\easyspeedupmanager\easyspeedupmanager.exe
332 c:\program files\samsung\easy display manager\dmhkcore.exe
992 c:\program files\bonjour\mdnsresponder.exe
504 c:\windows\system32\svchost.exe
1828 c:\program files\cdburnerxp\nmsaccessu.exe
1772 c:\program files\samsung casual games\gameconsole\oberongameconsoleservice.exe
2216 c:\program files\realtek\audio\hda\rthdvcpl.exe
2228 c:\program files\microsoft office\office12\groovemonitor.exe
2276 c:\program files\itunes\ituneshelper.exe
2308 c:\program files\avira\antivir desktop\avgnt.exe
2328 c:\program files\windows sidebar\sidebar.exe
2588 c:\program files\cyberlink\shared files\richvideo.exe
2620 c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
2708 c:\windows\system32\svchost.exe
2792 c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
2860 c:\program files\xsmanager\wtgservice.exe
2880 c:\windows\service4g.exe
2928 c:\program files\spybot - search & destroy\sdwinsec.exe
3420 c:\program files\common files\microsoft shared\windows live\wlidsvcm.exe
3556 c:\program files\ipod\bin\ipodservice.exe
3620 c:\windows\system32\searchindexer.exe
3800 c:\windows\system32\svchost.exe
1656 c:\program files\mozilla firefox\firefox.exe
3144 c:\windows\explorer.exe
3536 c:\windows\system32\audiodg.exe
4076 c:\program files\winrar\winrar.exe
1344 c:\users\elle\desktop\osam.exe
1584 c:\windows\system32\searchprotocolhost.exe
2976 c:\windows\system32\searchfilterhost.exe
3760 dllhost.exe
584 dllhost.exe
3448 c:\users\elle\desktop\mbrcheck.exe
2540 c:\windows\system32\conhost.exe

\\.\c: --> \\.\physicaldrive0 at offset 0x00000003`c6500000 (ntfs)
\\.\d: --> \\.\physicaldrive0 at offset 0x00000010`82500000 (ntfs)

physicaldrive0 model number: Hitachihts545032b9a300, rev: Pb3oc66g

size device name mbr status
--------------------------------------------
298 gb \\.\physicaldrive0 unknown mbr code
sha1: F5c09acabd4a5370bdd907e8edfe0c1da0f9d3f5

found non-standard or infected mbr.
Enter 'y' and hit enter for more options, or 'n' to exit:

.........

cosinus · 21.11.2010, 10:52

Starte bitte MBRCheck.exe erneut. (mit Adminrechten über rechtsklick als Admin ausführen)
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Please select the MBR code to write to this drive: 5 (für Win7)
Gib nun Yes ein und bestätige mit ENTER.
Starte den Rechner neu auf.

Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten

chak · 21.11.2010, 20:26

Hi, nachdem ich nach dem Neustart das MBRCheck erneut geöffnet habe, erschien nur eine neue txt-Datei:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R530/R730
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 187):
0x83C0C000 \SystemRoot\system32\ntoskrnl.exe
0x8400C000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x8C43F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C4B7000 \SystemRoot\system32\PSHED.dll
0x8C4C8000 \SystemRoot\system32\BOOTVID.dll
0x8C4D0000 \SystemRoot\system32\CLFS.SYS
0x8C512000 \SystemRoot\system32\CI.dll
0x8C5BD000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C62E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C63C000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8C684000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8C68D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8C695000 \SystemRoot\system32\DRIVERS\pci.sys
0x8C6BF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8C6CA000 \SystemRoot\System32\drivers\partmgr.sys
0x8C6DB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8C6E3000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8C6EE000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8C6FE000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C749000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C83F000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8C919000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C922000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C945000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8C94F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8C95D000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C966000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C99A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C9AB000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CADA000 \SystemRoot\System32\Drivers\msrpc.sys
0x8CB05000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8CB18000 \SystemRoot\System32\Drivers\cng.sys
0x8CB75000 \SystemRoot\System32\drivers\pcw.sys
0x8CB83000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8CC1D000 \SystemRoot\system32\drivers\ndis.sys
0x8CCD4000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CD12000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CD37000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8CD76000 \SystemRoot\System32\Drivers\spldr.sys
0x8CD7E000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CDAB000 \SystemRoot\System32\Drivers\mup.sys
0x8CDBB000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CDC3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CDF5000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CE06000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8CF42000 \SystemRoot\System32\Drivers\Null.SYS
0x8CF49000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CF50000 \SystemRoot\System32\drivers\vga.sys
0x8CF5C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CF7D000 \SystemRoot\System32\drivers\watchdog.sys
0x8CF8A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CF92000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CF9A000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8CFA2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CFAD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x93815000 \SystemRoot\System32\drivers\tcpip.sys
0x9395E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x9398F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x939A6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x939B1000 \SystemRoot\system32\drivers\afd.sys
0x93A0B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x93A3D000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x93A44000 \SystemRoot\system32\DRIVERS\pacer.sys
0x93A63000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x93A74000 \SystemRoot\system32\DRIVERS\netbios.sys
0x93A82000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x93A95000 \SystemRoot\system32\DRIVERS\termdd.sys
0x93AA5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x93AAB000 \??\C:\windows\system32\Drivers\SABI.sys
0x93AB3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93AF4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x93AFE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x93B08000 \SystemRoot\System32\drivers\discache.sys
0x93B14000 \SystemRoot\System32\Drivers\dfsc.sys
0x93B2C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x93B3A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x93B5D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x95421000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x95D9A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x95D9C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x95E53000 \SystemRoot\System32\drivers\dxgmms1.sys
0x95E8C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x95EAB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x95EB6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x95F01000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x96009000 \SystemRoot\system32\DRIVERS\athr.sys
0x9613D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x96147000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x96198000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9619C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x961B4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x961C1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x961FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x961FD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9620A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9621C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x96229000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x96248000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9625A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x96272000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9627D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9629F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x962B7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x962CE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x962E5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x962E7000 \SystemRoot\system32\DRIVERS\ks.sys
0x9631B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x96329000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9636D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9637E000 \SystemRoot\system32\drivers\nvhda32v.sys
0x96391000 \SystemRoot\system32\drivers\portcls.sys
0x963C0000 \SystemRoot\system32\drivers\drmk.sys
0x9740E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9B190000 \SystemRoot\System32\win32k.sys
0x976E4000 \SystemRoot\System32\drivers\Dxapi.sys
0x976EE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x976FB000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x977D5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x977E6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B3F0000 \SystemRoot\System32\TSDDD.dll
0x9B020000 \SystemRoot\System32\cdd.dll
0x963D9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x977F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95F10000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97400000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x963F0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x95F23000 \SystemRoot\System32\Drivers\usbvideo.sys
0x95F47000 \SystemRoot\system32\drivers\luafv.sys
0x95F62000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x95F77000 \SystemRoot\system32\drivers\WudfPf.sys
0x95F91000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95FA1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95FE7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95400000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8CE2B000 \SystemRoot\system32\drivers\HTTP.sys
0x93B7E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93B97000 \SystemRoot\System32\drivers\mpsdrv.sys
0x93BA9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8CEB0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93BCC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8C75F000 \SystemRoot\system32\drivers\peauth.sys
0x95413000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8CEEB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x93800000 \SystemRoot\System32\drivers\tcpipreg.sys
0x8CB8C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA5423000 \SystemRoot\System32\DRIVERS\srv.sys
0x76F40000 \Windows\System32\ntdll.dll
0x481E0000 \Windows\System32\smss.exe
0x77180000 \Windows\System32\apisetschema.dll
0x00720000 \Windows\System32\autochk.exe
0x770A0000 \Windows\System32\user32.dll
0x77080000 \Windows\System32\imm32.dll
0x76D40000 \Windows\System32\iertutil.dll
0x76D00000 \Windows\System32\ws2_32.dll
0x76CB0000 \Windows\System32\Wldap32.dll
0x76C10000 \Windows\System32\advapi32.dll
0x76B00000 \Windows\System32\urlmon.dll
0x76AA0000 \Windows\System32\shlwapi.dll
0x769D0000 \Windows\System32\msctf.dll
0x768F0000 \Windows\System32\kernel32.dll
0x768E0000 \Windows\System32\psapi.dll
0x76880000 \Windows\System32\difxapi.dll
0x76800000 \Windows\System32\comdlg32.dll
0x767E0000 \Windows\System32\sechost.dll
0x76790000 \Windows\System32\gdi32.dll
0x76700000 \Windows\System32\oleaut32.dll
0x766F0000 \Windows\System32\nsi.dll
0x76660000 \Windows\System32\clbcatq.dll
0x76650000 \Windows\System32\normaliz.dll
0x76640000 \Windows\System32\lpk.dll
0x76590000 \Windows\System32\rpcrt4.dll
0x764F0000 \Windows\System32\usp10.dll
0x763D0000 \Windows\System32\wininet.dll
0x76320000 \Windows\System32\msvcrt.dll
0x756D0000 \Windows\System32\shell32.dll
0x75530000 \Windows\System32\setupapi.dll
0x753D0000 \Windows\System32\ole32.dll
0x753A0000 \Windows\System32\imagehlp.dll
0x75370000 \Windows\System32\xmllite.dll
0x75250000 \Windows\System32\crypt32.dll
0x75220000 \Windows\System32\wintrust.dll
0x751F0000 \Windows\System32\cfgmgr32.dll
0x75160000 \Windows\System32\comctl32.dll
0x75140000 \Windows\System32\devobj.dll
0x750F0000 \Windows\System32\KernelBase.dll
0x750E0000 \Windows\System32\msasn1.dll

Processes (total 60):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
448 csrss.exe
508 C:\Windows\System32\wininit.exe
520 csrss.exe
564 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\nvvsvc.exe
808 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\audiodg.exe
1040 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\winlogon.exe
1192 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\nvvsvc.exe
1420 C:\Windows\System32\spoolsv.exe
1428 C:\Windows\System32\taskeng.exe
1512 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1536 C:\Windows\System32\svchost.exe
1664 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1692 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1756 C:\Windows\System32\taskhost.exe
1812 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1820 C:\Windows\System32\conhost.exe
1840 C:\Windows\System32\dwm.exe
1876 C:\Windows\System32\taskeng.exe
1904 C:\Windows\explorer.exe
1960 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
1988 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
2024 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
2032 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
924 C:\Program Files\Bonjour\mDNSResponder.exe
524 C:\Windows\System32\svchost.exe
1580 C:\Program Files\CDBurnerXP\NMSAccessU.exe
1888 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2168 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2248 C:\Program Files\iTunes\iTunesHelper.exe
2264 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2272 C:\Program Files\Windows Sidebar\sidebar.exe
2348 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2412 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2500 C:\Windows\System32\svchost.exe
2652 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2772 C:\Program Files\XSManager\WTGService.exe
2848 C:\Windows\service4g.exe
3004 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3012 WmiPrvSE.exe
3392 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3532 C:\Program Files\iPod\bin\iPodService.exe
3580 C:\Windows\System32\SearchIndexer.exe
2080 C:\Windows\servicing\TrustedInstaller.exe
3364 dllhost.exe
4076 dllhost.exe
452 C:\Users\elle\Desktop\MBRCheck.exe
4004 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`82500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC66G

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Vor dem Neustart hatte ich beim ersten öffnen eine falsche Eingabe gemacht, sodass ich es nochmal machen musste. Deshalb hatte ich vor dem Neustart 4 .txt-Dateien. Brauchst du die auch?

cosinus · 21.11.2010, 20:29

Hat leider nicht geklappt. Der MBR ist wieder vorher

Hast du eine normale Win7-DVD zur Hand? Wenn nicht wirds schwierig...evtl. könnte eine Recovery-DVD helfen, aber die haben nicht immer das was wir brauchen.

chak · 21.11.2010, 20:31

ne ich hab keine W7 oder Recovery CD. Das W7 war auf dem notebook schon vorinstaliert.

cosinus · 21.11.2010, 20:39

Ja aber du musst dir doch dann Recoverymedien für den Notfall brennen!
Was machs du denn wenn die Platte defekt ist und durch den Tausch Windows neu rauf muss? Oder allgemein warum auch immer Windows neu installiert werden muss? Ich weiß, dass es nicht gerade toll ist, dass die Hersteller keine Medien mehr mitliefern, aber in den Handbüchern sollte doch dick und fett stehen, dass man sich Recovery-Medien unbedingt brennen muss!

21.11.2010, 20:29	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Knacken, Rauschen, Zerren bei Audiowiedergabe Hat leider nicht geklappt. Der MBR ist wieder vorher Hast du eine normale Win7-DVD zur Hand? Wenn nicht wirds schwierig...evtl. könnte eine Recovery-DVD helfen, aber die haben nicht immer das was wir brauchen. __________________ Logfiles bitte immer in CODE-Tags posten

Knacken, Rauschen, Zerren bei Audiowiedergabe

Log-Analyse und Auswertung: Knacken, Rauschen, Zerren bei Audiowiedergabe