
Pests of All Kinds and How to Fight Them: Problem with Vista display settings (theme)

09.03.2011, 18:22   #1
chenju
 



I have a big problem with my window appearance! I can no longer activate Aero or Vista Basic.. even the preview shows only a black box. It worked all the time until now, but yesterday my system restarted itself after an update, and since then it no longer works.. Also, under Personalization / Window Color and Appearance, Aero and Vista Basic are each listed twice in a row?? I cannot select them, though; I can only use the not-so-nice Windows Standard! Please help me, what can I do?

I'm also attaching a screenshot... Thanks in advance, I hope someone can help me.
Attached image thumbnail: Problem mit Vista Darstellungseinstellung (Design)-femsterdarstellung-.gif

10.03.2011, 13:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please download WVCheck from Artellos.com
  • Save the file to the desktop. (If you downloaded the .zip file, you have to unpack it first.)
  • Start the .exe with a double-click
    Vista and Win7 users: start it via right-click, "Run as administrator"
  • As described, the tool may take a while.
  • When it is done, copy the contents of the text document here into your thread

11.03.2011, 16:11   #3
chenju
 



Hello cosinus. And thanks for your help.

Here is the result:

Windows Validation Check
Version: 1.9.11.5
Log Created On: 1608_11-03-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-03-10 18:47:38
Last Success Time for Update Download: 2011-03-08 23:05:13
Last Success Time for Update Installation: 2011-03-08 23:15:36


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 75510147b94598407666f4802797c75a


-------- End of File, program close at 1608_11-03-2011 --------


I hope you can do something with this =)

11.03.2011, 16:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.
__________________
Please always post logfiles in CODE tags

11.03.2011, 18:28   #5
chenju
 



OK, I'm finally done with the scans.. thanks for your quick help!
I couldn't find an older Malwarebytes log file..
here is the current one

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6019

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

11.03.2011 18:12:34
mbam-log-2011-03-11 (18-12-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 370665
Laufzeit: 1 Stunde(n), 43 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



and here are the 2 from OTL.exe

Extras.Txt: OTL Logfile:
Code:
OTL Extras logfile created on: 11.03.2011 18:18:51 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,53 Gb Total Space | 43,62 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 2,51 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0075C272-4A11-440F-BF2B-AE83A61BC6C4}" = lport=4665 | protocol=17 | dir=in | name=remote | 
"{1E6CED5D-80BF-4839-B323-883882F6DF37}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{2E47E519-51A1-40D0-A3F2-F3C45319739E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3D87D1CB-BF0C-4858-9DEC-C85A9B2C3B58}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{4A5F4AC2-891A-4509-A082-F2851F2AD1C6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{4B0314C1-CDFE-4078-9B59-3EB58FD5D890}" = rport=2178 | protocol=6 | dir=out | app=system | 
"{656EB274-94C0-4BAA-A974-7F6A6B3ACB90}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8C4E59D2-D55C-408D-8BBA-7AC293936023}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{93BE7600-D377-40D5-AD16-62268FDF46AE}" = lport=4661 | protocol=6 | dir=in | name=remote | 
"{95C46567-6A68-4E97-921D-4180CC8860DA}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | 
"{99BDA328-3A4E-44BE-BAD6-23F6BC524DDE}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{A91743B2-B5C8-44FB-8CBA-3582F3EC3F19}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{BDF957A8-A744-488B-8763-BD2ECA4C6314}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{BE1FCB4E-5080-450B-8BEC-50492ABB20C5}" = lport=2178 | protocol=6 | dir=in | app=system | 
"{FCC71F21-695F-4181-AC38-2C08FF73C9E1}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{FF34B61F-D486-45A3-A27E-7E7B20B6F5BF}" = lport=5357 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD43E70-A66C-4215-8D70-76E006F9CC75}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{21362C17-93BD-4342-8EDE-B2D46F7F65AC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{2DC3740F-7100-4517-9E38-98A19092700D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4787C8CB-F8D2-4C64-945D-A8488CD4187D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B56601D-5FA3-4278-9672-C044803F793D}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{5EDAE8AB-00A4-4287-B89C-3A3456311A48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67771231-3508-4CDF-9B6C-D236BFE57E88}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9617D626-829E-47E8-903A-2608464F6C87}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{B688A089-7CB5-4D1D-B9A6-FFD359BEAEF9}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{B8E55134-BBCA-4C03-9B43-62FCAC00D559}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{D71EA193-6FA3-4D1F-8E25-787966C777D2}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{DBE9244B-5F68-4E52-BC1D-D6151905CD86}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EFBF4F7D-3279-4A59-8575-0058E028E516}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"TCP Query User{01AE6933-9CC7-4C31-80EF-2E68BBDDB3E1}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | 
"TCP Query User{07EE0797-76C7-4221-8CEB-F846EAD2EB3A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{177E6943-272D-485A-8088-6BFBEFD94C20}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{2FB8B96F-4C9A-4694-95C3-F8A13F6CCD16}C:\program files\steam\steamapps\chrizi85\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\chrizi85\counter-strike source\hl2.exe | 
"TCP Query User{4C5B48EC-4566-40F5-A6A1-373B445FC790}C:\program files\mirandame\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\mirandame\miranda32.exe | 
"TCP Query User{9D89A8DC-5697-41EB-A78F-FF0C6ED507A6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{A134D9B5-9EA7-4F27-B7D4-5B7972D7876D}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{B75C2BBE-8EED-4223-B213-247BD2F427D2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{DFE8731B-86EC-4811-9232-748CF1B98E84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{EBC6FD5D-7616-41B8-8438-E496C2B5EF87}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | 
"UDP Query User{2DDA06B3-5DC1-4C98-8487-BA0C7DF10CED}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"UDP Query User{3D4F952F-4822-4194-83E4-F5EA5C332E11}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{4A6FE90F-B7AD-4C38-A2A1-71A6F427F7C5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5EA9419D-B5E3-4A6F-B5C8-23691DD69EE7}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | 
"UDP Query User{82F837FB-6C24-45FD-B7BC-646CBC043F37}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{83F2DE60-2A84-4B1C-918C-B77A6C0EC8E6}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | 
"UDP Query User{913464D4-B456-4E08-BBC2-490D3D404BF8}C:\program files\mirandame\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\mirandame\miranda32.exe | 
"UDP Query User{BB4D27FA-5C04-49BF-A53D-FF724A1CDFCA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{CC1FCD24-74F9-418E-A6C2-288948E57275}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{F7FB4CB3-A266-4428-BB7D-1C39982E0457}C:\program files\steam\steamapps\chrizi85\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\chrizi85\counter-strike source\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BAF043B-82FC-43E2-96EA-5F68015F4FA2}" = AuthenTec Fingerprint Sensor Minimum Install
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Camfrog 5.5" = Camfrog Video Chat 5.5
"Canon Camera TWAIN Driver EOS-1D" = Canon EOS-1D TWAIN Driver
"CCleaner" = CCleaner
"eMule" = eMule
"eMule Plus_is1" = eMule Plus 1.2e
"Everest Poker" = Everest Poker (Remove Only)
"Everest Poker.net" = Everest Poker.net (Remove Only)
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Privoxy" = Privoxy 3.0.6
"SimpleScreenshot" = SimpleScreenshot 1.40
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.1.2.19
"Vidalia" = Vidalia 0.0.16
"VistaGlazz_is1" = VistaGlazz 1.2
"VLC media player" = VLC media player 0.9.8a
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


and OTL.Txt: OTL Logfile:
Code:
OTL logfile created on: 11.03.2011 18:18:51 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,53 Gb Total Space | 43,62 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 2,51 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Vidalia Bundle\Tor\tor.exe ()
PRC - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - Privoxy - Home Page)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (ASBroker) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ASChannel) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtscsi) -- C:\Windows\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 45 9C 33 87 92 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2011.02.10 18:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.03 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.02.08 16:52:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.05.19 10:39:58 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.01.21 22:28:47 | 000,002,158 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater]  File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{712a6547-9414-11df-8ee6-001b24c8f5d8}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.11 18:15:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2011.03.11 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Fat32FormatterEN
[2011.03.11 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Ps3
[2011.03.11 16:02:12 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\ice02.2011
[2011.03.09 17:55:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\SimpleScreenshot
[2011.03.09 17:55:05 | 000,330,336 | ---- | C] (Mirko Böer) -- C:\Windows\SSSUn.EXE
[2011.03.09 17:55:05 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimpleScreenshot
[2011.03.09 17:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\SSS
[2011.03.09 17:54:08 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\simpleScreenshot
[2011.03.09 00:05:12 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 00:05:12 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 00:05:12 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 00:05:12 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.06 00:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011.03.01 00:48:53 | 000,000,000 | ---D | C] -- C:\Users\HP\Tracing
[2011.02.28 16:43:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.02.28 16:43:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.02.28 16:43:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.25 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.02.24 03:06:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 03:01:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 03:01:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 03:01:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 03:01:26 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 03:01:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 03:01:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 03:01:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 03:01:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 03:01:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 03:01:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 03:01:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 03:00:59 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 03:00:59 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 03:00:59 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 03:00:58 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 03:00:58 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.21 19:00:11 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\BewerbungsMaster
[2011.02.21 18:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\BEWERBUNGSMASTER
[2011.02.20 15:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Downloader
[2011.02.20 15:42:27 | 000,172,032 | ---- | C] (Jin Hui    E-mail: jinhui@jcomsoft.com   Web: JComSoft : J Component Software : ActiveX & OCX Shareware and Freeware) -- C:\Windows\System32\AniGIF.ocx
[2011.02.20 15:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2011.02.20 15:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\SearchPredict
[2011.02.20 15:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2011.02.20 15:29:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.20 15:19:42 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.02.20 15:19:41 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.02.20 15:19:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.02.20 15:19:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.20 15:19:40 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.02.20 15:19:40 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.20 15:19:40 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.20 15:19:40 | 000,356,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.20 15:19:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.02.20 15:19:40 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.02.20 15:19:40 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.20 15:19:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.20 15:19:40 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.20 15:19:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.20 15:19:39 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.20 15:19:39 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.20 15:19:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.02.20 15:19:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.02.20 15:19:35 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.20 15:19:35 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.02.20 15:19:35 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.02.20 15:19:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.02.20 15:19:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.20 15:19:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.02.20 15:19:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.02.20 15:19:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.20 15:19:34 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.02.20 15:19:34 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.20 15:19:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.02.20 15:19:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.20 15:19:34 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.02.20 15:19:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.20 15:19:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.20 15:19:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.20 15:19:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.02.20 15:19:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.02.20 15:19:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.20 15:19:32 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.02.20 15:19:32 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.02.20 15:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2011.02.10 17:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.02.10 17:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.02.10 17:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011.02.10 17:46:31 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.02.10 17:02:28 | 000,282,624 | ---- | C] (Sub Systems, Inc. ) -- C:\Windows\System32\PDC32.DLL
[2011.02.10 00:10:08 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.10 00:10:03 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.10 00:10:02 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.10 00:09:46 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.10 00:09:46 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.10 00:09:45 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.10 00:09:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.10 00:09:45 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.10 00:09:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.10 00:09:44 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.10 00:09:44 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.10 00:09:44 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.10 00:09:44 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.10 00:09:43 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.10 00:09:43 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.10 00:09:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.10 00:09:41 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.10 00:09:41 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.10 00:09:41 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.10 00:09:41 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.10 00:09:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.10 00:09:40 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.10 00:09:39 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.10 00:09:39 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.10 00:09:38 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.10 00:09:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.10 00:09:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.10 00:09:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.10 00:09:22 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.10 00:09:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\HP\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\HP\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\HP\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\HP\AppData\Local\bass.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.11 18:21:46 | 000,004,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 18:21:46 | 000,004,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 18:15:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2011.03.11 17:38:55 | 000,173,056 | ---- | M] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.11 16:58:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.11 16:58:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.11 16:58:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.11 16:58:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.11 16:25:53 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.03.11 16:25:43 | 000,031,586 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.03.11 16:25:17 | 000,031,586 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.03.11 16:21:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.11 16:21:40 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.11 15:59:21 | 000,000,680 | ---- | M] () -- C:\Users\HP\AppData\Local\d3d9caps.dat
[2011.03.09 18:01:07 | 000,010,558 | ---- | M] () -- C:\Users\HP\Documents\Femsterdarstellung!.gif
[2011.03.09 18:00:25 | 000,016,386 | ---- | M] () -- C:\Users\HP\Documents\Fensterdarstellung.gif
[2011.03.09 17:55:06 | 000,001,346 | R--- | M] () -- C:\Windows\SimpleScreenshot_Uninstall.in
[2011.03.09 17:55:05 | 000,000,721 | ---- | M] () -- C:\Users\HP\Desktop\SimpleScreenshot.lnk
[2011.03.08 20:12:05 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.03.06 01:28:45 | 000,293,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.27 01:41:58 | 000,001,607 | ---- | M] () -- C:\Users\HP\Documents\KündigungTestabo.rtf
[2011.02.25 16:35:24 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.24 18:27:39 | 000,920,206 | ---- | M] () -- C:\Users\HP\AppData\Roaming\UserTile.png
[2011.02.21 20:40:48 | 000,001,722 | ---- | M] () -- C:\Users\HP\Documents\Ausbildung Anschreiben Encinar.rtf
[2011.02.21 19:37:57 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.02.21 19:37:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.02.21 19:36:39 | 000,000,127 | ---- | M] () -- C:\Notizen.rtf
[2011.02.20 15:19:56 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.02.20 15:19:56 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.02.20 15:19:42 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.02.20 15:19:41 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.02.20 15:19:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.02.20 15:19:41 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.20 15:19:40 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.02.20 15:19:40 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.20 15:19:40 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.20 15:19:40 | 000,356,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.20 15:19:40 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.02.20 15:19:40 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.02.20 15:19:40 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.20 15:19:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.20 15:19:40 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.02.20 15:19:40 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.20 15:19:40 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.20 15:19:39 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.20 15:19:39 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.20 15:19:39 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.02.20 15:19:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.02.20 15:19:36 | 002,382,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.20 15:19:35 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.02.20 15:19:35 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.02.20 15:19:35 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.02.20 15:19:35 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.20 15:19:35 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.02.20 15:19:35 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.02.20 15:19:34 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.20 15:19:34 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.02.20 15:19:34 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.20 15:19:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.02.20 15:19:34 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.20 15:19:34 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.02.20 15:19:34 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.20 15:19:33 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.20 15:19:33 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.20 15:19:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.02.20 15:19:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.02.20 15:19:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.20 15:19:32 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.02.20 15:19:32 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.02.20 12:52:15 | 000,000,264 | ---- | M] () -- C:\Users\HP\Documents\mdhpw.rtf
[2011.02.10 18:17:17 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.02.10 18:17:16 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.02.10 17:46:31 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.02.10 17:03:25 | 000,004,403 | ---- | M] () -- C:\Windows\ST6UNST.002
[2011.02.10 17:02:29 | 000,004,653 | ---- | M] () -- C:\Windows\ST6UNST.001
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.09 18:01:07 | 000,010,558 | ---- | C] () -- C:\Users\HP\Documents\Femsterdarstellung!.gif
[2011.03.09 18:00:25 | 000,016,386 | ---- | C] () -- C:\Users\HP\Documents\Fensterdarstellung.gif
[2011.03.09 17:55:06 | 000,001,346 | R--- | C] () -- C:\Windows\SimpleScreenshot_Uninstall.in
[2011.03.09 17:55:05 | 000,000,751 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimpleScreenshot.lnk
[2011.03.09 17:55:05 | 000,000,721 | ---- | C] () -- C:\Users\HP\Desktop\SimpleScreenshot.lnk
[2011.03.08 20:12:05 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.27 01:40:27 | 000,001,607 | ---- | C] () -- C:\Users\HP\Documents\KündigungTestabo.rtf
[2011.02.25 16:34:27 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.02.25 16:34:27 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.24 18:27:38 | 000,920,206 | ---- | C] () -- C:\Users\HP\AppData\Roaming\UserTile.png
[2011.02.24 18:16:51 | 001,516,201 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF1001.JPG
[2011.02.24 18:16:51 | 001,442,673 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0968.JPG
[2011.02.24 18:16:51 | 001,125,170 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF1000.JPG
[2011.02.24 18:16:51 | 001,094,729 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0999.JPG
[2011.02.24 18:16:51 | 001,091,182 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0998.JPG
[2011.02.24 18:16:51 | 001,029,962 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0946.JPG
[2011.02.24 18:16:51 | 000,998,016 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0947.JPG
[2011.02.24 18:16:51 | 000,966,664 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0945.JPG
[2011.02.24 03:01:00 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 03:01:00 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.24 03:01:00 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.21 20:40:48 | 000,001,722 | ---- | C] () -- C:\Users\HP\Documents\Ausbildung Anschreiben Encinar.rtf
[2011.02.20 15:29:56 | 000,000,909 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.02.20 15:19:40 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.02.10 17:48:56 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.02.10 17:48:56 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.02.10 17:03:20 | 000,004,403 | ---- | C] () -- C:\Windows\ST6UNST.002
[2011.02.10 17:02:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\toc18.ocx
[2011.02.10 17:02:08 | 000,004,653 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.02.16 00:36:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.10 10:21:07 | 000,031,586 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.10 10:21:03 | 000,031,586 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.24 15:58:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.07 16:25:59 | 000,001,466 | ---- | C] () -- C:\Users\HP\AppData\Local\RecConfig.xml
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.08.01 02:19:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.01 02:19:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.23 20:00:29 | 000,000,024 | ---- | C] () -- C:\Windows\pstudio.ini
[2009.04.23 20:00:29 | 000,000,011 | ---- | C] () -- C:\Windows\album.ini
[2009.02.19 22:35:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.02.19 22:25:13 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.11.01 18:04:22 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2008.09.02 14:17:07 | 000,027,050 | ---- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.001
[2008.09.01 17:01:06 | 000,027,050 | ---- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.dat
[2008.08.30 21:37:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.29 14:03:42 | 000,173,056 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.05 19:04:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008.08.05 19:04:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008.08.05 17:28:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.08.04 16:46:15 | 000,000,680 | ---- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\HP\AppData\Local\lame_enc.dll
[2007.02.27 21:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,293,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\HP\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\HP\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\HP\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\HP\AppData\Local\ogg.dll
[2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\HP\AppData\Local\no23xwrapper.dll
[2005.05.08 17:56:44 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2005.04.03 21:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2005.02.25 05:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[1998.05.07 02:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:54997B77
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E55CE2D1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---


11.03.2011, 19:03   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? If so, please post all of them. You can find them under the log files tab ("Logdateien") in Malwarebytes.

11.03.2011, 19:27   #7
chenju

Ah, now I've found them..

here are 2 more

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

08.03.2011 23:52:50
mbam-log-2011-03-08 (23-52-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 332065
Laufzeit: 2 Stunde(n), 17 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\HP\AppData\Roaming\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Windows\System32\28463 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\28463\YXLE.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\YXLE.002 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\YXLE.005 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\YXLE.009 (Keylogger.Ardamax) -> Quarantined and deleted successfully.



and..

Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1855
Windows 6.0.6002 Service Pack 2

10.02.2011 20:50:24
mbam-log-2011-02-10 (20-50-24).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 128117
Laufzeit: 48 minute(s), 9 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

12.03.2011, 12:18   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:54997B77
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E55CE2D1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{712a6547-9414-11df-8ee6-001b24c8f5d8}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O4 - HKCU..\RunOnce: [Shockwave Updater]  File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post log files in CODE tags

12.03.2011, 20:59   #9
chenju

Hey cosinus, thanks..!

here is the log file from the OTL scan!

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:54997B77 deleted successfully.
ADS C:\ProgramData\TEMP:30C46519 deleted successfully.
ADS C:\ProgramData\TEMP:E55CE2D1 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{712a6547-9414-11df-8ee6-001b24c8f5d8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{712a6547-9414-11df-8ee6-001b24c8f5d8}\ not found.
File F:\Get_Started_for_Win.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP
->Temp folder emptied: 11570518 bytes
->Temporary Internet Files folder emptied: 240945295 bytes
->Java cache emptied: 86689325 bytes
->Google Chrome cache emptied: 5878095 bytes
->Flash cache emptied: 1568 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151255 bytes
RecycleBin emptied: 117973514 bytes

Total Files Cleaned = 442,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03122011_205224

Files\Folders moved on Reboot...
C:\Users\HP\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHZTX091\ads[1].htm moved successfully.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ET65PWMJ\96403-problem-mit-vista-darstellungseinstellung-design[1].htm moved successfully.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\F25D52F9-6D8B-4D32-BD36-023EC134A413.dat moved successfully.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


but the problem is still not solved =(

13.03.2011, 14:04   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper ("Kompetenzler") has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

13.03.2011, 14:39   #11
chenju

Hi cosinus! Thanks!

here is the result:

ComboFix log file:
Code:
ComboFix 11-03-12.01 - HP 13.03.2011  14:15:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1258 [GMT 1:00]
ausgeführt von:: c:\users\HP\Desktop\cofi.exe
AV: Kaspersky PURE *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky PURE *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky PURE *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP\AppData\Local\lame_enc.dll
c:\users\HP\AppData\Local\no23xwrapper.dll
c:\users\HP\AppData\Local\ogg.dll
c:\users\HP\AppData\Local\vorbis.dll
c:\users\HP\AppData\Local\vorbisenc.dll
c:\users\HP\AppData\Local\vorbisfile.dll
c:\windows\ST6UNST.000
c:\windows\Tasks\hzvkgpej.job
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-13 bis 2011-03-13  ))))))))))))))))))))))))))))))
.
.
2011-03-13 12:20 . 2011-03-13 12:28	--------	d-----w-	c:\users\HP\AppData\Local\NPE
2011-03-13 10:28 . 2011-03-13 10:46	97859	----a-w-	c:\windows\system32\drivers\klick.dat
2011-03-13 10:28 . 2011-03-13 10:46	114243	----a-w-	c:\windows\system32\drivers\klin.dat
2011-03-13 10:27 . 2009-12-14 11:44	39352	----a-w-	c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-03-13 10:27 . 2009-12-14 11:44	88632	----a-w-	c:\windows\system32\drivers\CSCrySec.sys
2011-03-13 10:26 . 2011-03-13 10:26	--------	d-----w-	c:\program files\Common Files\InfoWatch
2011-03-13 10:26 . 2011-03-13 12:31	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-03-13 10:26 . 2011-03-13 10:26	--------	d-----w-	c:\program files\Kaspersky Lab
2011-03-12 21:57 . 2011-03-12 21:57	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-03-12 20:05 . 2011-03-12 20:06	--------	d-----w-	c:\program files\TVersity Codec Pack
2011-03-12 20:05 . 2011-03-12 20:05	--------	d-----w-	c:\programdata\TVersity
2011-03-12 19:52 . 2011-03-12 19:52	--------	d-----w-	C:\_OTL
2011-03-11 18:33 . 2011-03-11 18:33	--------	d-----w-	c:\program files\Recuva
2011-03-11 15:11 . 2011-02-11 06:54	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB4E394-97C4-4A76-B2B9-A607A67DE3A5}\mpengine.dll
2011-03-09 16:55 . 2011-03-09 16:55	--------	d-----w-	c:\users\HP\AppData\Roaming\SimpleScreenshot
2011-03-09 16:55 . 2008-01-28 13:51	330336	----a-w-	c:\windows\SSSUn.EXE
2011-03-09 16:54 . 2011-03-09 16:55	--------	d-----w-	c:\program files\SSS
2011-03-08 23:05 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2011-03-08 23:05 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-08 23:05 . 2010-12-29 18:28	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-08 23:05 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-08 23:05 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2011-03-08 23:05 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-03-05 23:39 . 2011-03-06 00:17	--------	d-----w-	c:\program files\ElcomSoft
2011-02-28 23:48 . 2011-03-13 13:12	--------	d-----w-	c:\users\HP\Tracing
2011-02-25 15:34 . 2011-02-25 15:34	--------	d-----w-	c:\program files\Common Files\Adobe
2011-02-24 02:00 . 2009-10-09 21:56	214016	----a-w-	c:\windows\system32\WsmWmiPl.dll
2011-02-24 02:00 . 2009-10-09 21:56	241152	----a-w-	c:\windows\system32\winrscmd.dll
2011-02-24 02:00 . 2009-10-09 21:56	145408	----a-w-	c:\windows\system32\WsmAuto.dll
2011-02-24 02:00 . 2009-10-09 21:56	1181696	----a-w-	c:\windows\system32\WsmSvc.dll
2011-02-24 02:00 . 2009-10-09 21:56	246272	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2011-02-24 02:00 . 2009-10-09 21:55	252416	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2011-02-20 14:42 . 2011-02-27 19:01	--------	d-----w-	c:\programdata\SpeedBit
2011-02-20 14:42 . 2011-02-20 14:42	--------	d-----w-	c:\program files\SearchPredict
2011-02-20 14:42 . 1998-12-05 12:18	172032	----a-w-	c:\windows\system32\AniGIF.ocx
2011-02-20 14:42 . 2011-02-20 14:42	--------	d-----w-	c:\program files\SpeedBit Video Downloader
2011-02-20 14:20 . 2011-02-05 06:20	94208	----a-w-	c:\program files\Internet Explorer\de\iediag.resources.dll
2011-02-20 14:17 . 2011-02-20 14:17	--------	d-----w-	c:\program files\Feedback Tool
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-21 18:37 . 2009-04-22 11:49	266240	------w-	c:\windows\Setup1.exe
2011-02-21 18:37 . 2009-04-22 11:49	74752	----a-w-	c:\windows\ST6UNST.EXE
2011-02-02 20:40 . 2010-08-03 21:17	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-06 12:08	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 23:09	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 23:09	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 23:09	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 23:09	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 23:09	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 23:09	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 23:09	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 23:09	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 23:09	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 23:09	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 23:09	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 23:09	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 23:09	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 23:09	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 23:09	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 23:09	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 23:09	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 23:09	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 23:09	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 23:09	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 23:09	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 23:09	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 23:09	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 23:09	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 23:09	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 23:09	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 23:09	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 23:09	797184	----a-w-	c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 23:09	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 23:09	292352	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 23:10	2039808	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-02-08 16:09	413696	----a-w-	c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2009-03-16 16:42	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-16 16:42	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-02-08 16:09	1169408	----a-w-	c:\windows\system32\sdclt.exe
2009-02-24 19:34 . 2009-02-24 19:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-02-20 14:42	2447360	----a-w-	c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24	2736736	----a-w-	c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 15:42	129552	----a-w-	c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 12889088]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-02 721904]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance	REG_MULTI_SZ   	ASBroker ASChannel
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
MSConfigStartUp-AutoRun - c:\program files\BEWERBUNGSMASTER\UpdateCheck_BEWERBUNGSMASTER.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-13 14:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3732)
c:\windows\system32\APSHook.dll
c:\windows\System32\NLSLexicons0007.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-13  14:36:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-13 13:36
.
Vor Suchlauf: 14 Verzeichnis(se), 56.968.085.504 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 56.492.412.928 Bytes frei
.
- - End Of File - - E6F83485ADB818BCFDA01182E7781458
         
--- --- ---

13.03.2011, 14:47   #12
chenju

Yesterday evening I also ran SUPERAntiSpyware...

Here is the log file:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/13/2011 at 00:03 AM

Application Version : 4.49.1000

Core Rules Database Version : 6584
Trace Rules Database Version: 4396

Scan type : Complete Scan
Total Scan Time : 00:57:29

Memory items scanned : 692
Memory threats detected : 1
Registry items scanned : 8901
Registry threats detected : 23
File items scanned : 42618
File threats detected : 111

Adware.HBHelper
C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL
C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
HKCR\URLSearchHook.ToolbarURLSearchHook.1
HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
HKCR\URLSearchHook.ToolbarURLSearchHook
HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR

Adware.Tracking Cookie
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@eas.apm.emediate[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@im.banner.t-online[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@imrworldwide[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@invitemedia[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@kaspersky.122.2o7[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@media6degrees[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@mediabrandsww[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@mediaplex[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@moviepilot[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@paypal.112.2o7[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@revsci[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ru4[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@sega.missioncontrol.global-media[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@serving-sys[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@tracking.quisma[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@smartadserver[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@specificclick[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@statcounter[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@technoratimedia[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@tradedoubler[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@traffictrack[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@tribalfusion[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@unitymedia[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@vodafonegroup.122.2o7[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@webmasterplan[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ww251.smartadserver[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@www.etracker[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@zedo[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@xxxmsncam[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@zanox-affiliate[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@zanox[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@zbox.zanox[1].txt

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

13.03.2011, 18:45   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

13.03.2011, 20:37   #14
chenju

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-13 20:33:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVS-60RST0 rev.04.01G04
Running: l2ec29w6.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwAdjustPrivilegesToken [0x8D927BDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwAlpcConnectPort [0x8D929538]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwAlpcCreatePort [0x8D92978E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwAlpcSendWaitReceivePort [0x8D929A08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwClose [0x8D92845C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwConnectPort [0x8D928B3E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateEvent [0x8D928F48]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateFile [0x8D928604]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateMutant [0x8D928E20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateNamedPipeFile [0x8D9277E2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreatePort [0x8D928CDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateSection [0x8D92799E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateSemaphore [0x8D92907A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateSymbolicLinkObject [0x8D92ACBC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateThread [0x8D9280FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateWaitablePort [0x8D928D7E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwDebugActiveProcess [0x8D92A6AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwDuplicateObject [0x8D92B67E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwFsControlFile [0x8D92875E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwLoadDriver [0x8D92A740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwMapViewOfSection [0x8D92AD70]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenEvent [0x8D928FEA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenFile [0x8D9284DE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenMutant [0x8D928EB8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenProcess [0x8D927DE2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenSection [0x8D92ACE6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenSemaphore [0x8D92911C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenThread [0x8D927D06]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwQueryDirectoryObject [0x8D929C4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwQuerySection [0x8D92B088]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwQueueApcThread [0x8D92A9D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwReplyPort [0x8D9294A6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwReplyWaitReceivePort [0x8D92936C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwRequestWaitReplyPort [0x8D92A44E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwResumeThread [0x8D92B560]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSecureConnectPort [0x8D928878]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSetContextThread [0x8D928318]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSetInformationToken [0x8D929CFE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSetSecurityObject [0x8D92A83A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSetSystemInformation [0x8D92B1C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSuspendProcess [0x8D92B2AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSuspendThread [0x8D92B3D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSystemDebugControl [0x8D92A5DA]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                    ZwTerminateProcess [0x889DD620]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwTerminateThread [0x8D927EB0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwUnmapViewOfSection [0x8D92AF3E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwWriteVirtualMemory [0x8D92803A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateThreadEx [0x8D9281FA]

INT 0x51        ?                                                                                                     86503F00
INT 0x52        ?                                                                                                     86503F00
INT 0x72        ?                                                                                                     86503F00
INT 0x72        ?                                                                                                     86503F00
INT 0x82        ?                                                                                                     84C87BF8
INT 0x82        ?                                                                                                     84C87BF8
INT 0x82        ?                                                                                                     84C87BF8
INT 0x82        ?                                                                                                     86503F00
INT 0x82        ?                                                                                                     84C87BF8
INT 0x92        ?                                                                                                     84C87BF8
INT 0xA2        ?                                                                                                     84C87BF8
INT 0xB3        ?                                                                                                     86503F00

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 119                                                                         828C889C 4 Bytes  [DC, 7B, 92, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                         828C88C0 8 Bytes  [38, 95, 92, 8D, 8E, 97, 92, ...]
.text           ntkrnlpa.exe!KeSetEvent + 181                                                                         828C8904 4 Bytes  [08, 9A, 92, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 1A9                                                                         828C892C 4 Bytes  [5C, 84, 92, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                         828C8944 4 Bytes  [3E, 8B, 92, 8D]
.text           ...                                                                                                   
?               System32\Drivers\spuw.sys                                                                             Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                 8CDC641B 5 Bytes  JMP 865034E0 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                             [8069A6D6] \SystemRoot\System32\Drivers\spuw.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                              [8069A042] \SystemRoot\System32\Drivers\spuw.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                      [8069A800] \SystemRoot\System32\Drivers\spuw.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                             [8069A0C0] \SystemRoot\System32\Drivers\spuw.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                       [8069A13E] \SystemRoot\System32\Drivers\spuw.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                    [806A9E9C] \SystemRoot\System32\Drivers\spuw.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                 [73D77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                  [73DCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]              [73D7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]        [73D6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                  [73D775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]               [73D6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]   [73DA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]      [73D7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]              [73D6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]               [73D6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                [73D671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]        [73DFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]           [73D9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]              [73D6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                        [73D66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                       [73D6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]          [73D72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                856201F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                  84C891F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                      86637460
Device          \Driver\usbuhci \Device\USBPDO-1                                                                      86637460
Device          \Driver\usbehci \Device\USBPDO-2                                                                      857D41F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                      86637460
Device          \Driver\usbuhci \Device\USBPDO-4                                                                      86637460

AttachedDevice  \Driver\tdx \Device\Tcp                                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                      86637460
Device          \Driver\usbehci \Device\USBPDO-6                                                                      857D41F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                84C891F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{282D793E-70F8-44B9-8057-A70B0178C5BA}                              880F1500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                84C891F8
Device          \Driver\cdrom \Device\CdRom0                                                                          866841F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                           8561E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                                                           8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                    8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                    8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                    8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                    8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                    8561E1F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel0                                                            8561F1F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel1                                                            8561F1F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel2                                                            8561F1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                               880F1500
Device          \Driver\Smb \Device\NetbiosSmb                                                                        88148500
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                    8668C1F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                      86637460
Device          \Driver\usbuhci \Device\USBFDO-1                                                                      86637460
Device          \Driver\usbehci \Device\USBFDO-2                                                                      857D41F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                      86637460
Device          \Driver\usbuhci \Device\USBFDO-4                                                                      86637460
Device          \Driver\usbuhci \Device\USBFDO-5                                                                      86637460
Device          \Driver\usbehci \Device\USBFDO-6                                                                      857D41F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{00B1434B-7E2A-43E8-8A94-334948CEE41E}                              880F1500
Device          \FileSystem\cdfs \Cdfs                                                                                AAC571F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                    771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                    285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                      
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         

13.03.2011, 20:48   #15
chenju

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:46:00 on 13.03.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8080.16413

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Cognizance Corporation" - C:\Windows\System32\APSHook.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CognizanceWS" - "Cognizance Corporation" - C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\Settings.dll
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"dtscsi" (dtscsi) - "DT Soft Ltd." - C:\Windows\System32\Drivers\dtscsi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kbdqcygg" (kbdqcygg) - ? - C:\Windows\system32\drivers\kbdqcygg.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"pxldipoc" (pxldipoc) - ? - C:\pxldipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{41E300E0-78B6-11ce-849B-444553540000} "Display Effects CPL Extension" - "Microsoft Corporation" - C:\Windows\system32\themeui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
<binary data> "SpeedBit Video Downloader" - ? - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
<binary data> "{965B54B0-71E0-4611-8DE7-F73FA0B20E26}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtual Keyboard" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe  (File not found)
"PartyPoker.net" - ? - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe  (File not found)
{CCF151D8-D089-449F-A5A4-D9909053F20F} "URLs c&heck" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
<binary data> "SpeedBit Video Downloader" - ? - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
{FF7C3CF0-4B15-11D1-ABED-709549C10000} "GrabberObj Class" - "Speedbit Ltd." - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3017FB3E-9A77-4396-88C5-0EC9548FB42F} "SBCONVERT Class" - ? - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
{389943B0-C3A2-4E69-82CB-8596A84CB3DC} "SearchPredictObj Class" - "Speedbit Ltd." - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "VeriSoft Access Manager" - "Bioscrypt Inc." - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Privoxy.lnk" - "The Privoxy team - www.privoxy.org" - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MsnMsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Vidalia" - ? - "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
"CognizanceTS" - "Cognizance Corporation" - rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
"HP Health Check Scheduler" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"VeriSoft Access Manager" - "Cognizance Corporation" - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Anmeldesitzungsbroker" (ASBroker) - "Cognizance Corporation" - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"CryptoStorage control service" (CSObjectsSrv) - "Infowatch" - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Kaspersky PURE" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
"Lokaler Verbindungskanal" (ASChannel) - "Cognizance Corporation" - C:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"TVersity Media Server" (TVersityMediaServer) - ? - C:\ProgramData\TVersity\Media Server\MediaServer.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItVCard.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index
