Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   PC fährt extrem langsam hoch, Leerlaufprozess bei 98% CPU Auslastung (https://www.trojaner-board.de/103660-pc-faehrt-extrem-langsam-hoch-leerlaufprozess-98-cpu-auslastung.html)

MoThePo 25.09.2011 15:56

PC fährt extrem langsam hoch, Leerlaufprozess bei 98% CPU Auslastung
 
Hallo zusammen,

kann sich jemand mal die log Datei anschauen?
Mein Rechner fährt extrem langsam hoch, der Leerlaufprozess liegt bei 98%.

Malwarebytes kein Fund...

VIELEN DANK im Voraus!

Mfg
Moni

HTML-Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:45:26, on 25.09.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\SUPERAntiSpyware\SASCORE.EXE
C:\Acer\eManager\anbmServ.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Acer\eRecovery\Monitor.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
c:\programme\avira\antivir desktop\avcenter.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Dokumente und Einstellungen\Davide\Eigene Dateien\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S40.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User 'Default user')
O4 - Global Startup: WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2011\mshaktuell.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210758766421
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programme\WinPcap\rpcapd.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9841 bytes


cosinus 26.09.2011 11:58

Zitat:

der Leerlaufprozess liegt bei 98%.
Überleg mal was das heißt => Leerlauf bei 98%
Und nun schau dir mal in dem Zusammenhang die Gesamtauslastung des Systems an. Dann sollte es "klick" bei dir machen. :pfeiff:

Außerdem => http://www.trojaner-board.de/images/icons/icon4.gif Bitte beachten http://www.trojaner-board.de/images/icons/icon4.gif => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

MoThePo 27.09.2011 18:50

Hallo Arne,

habe Schritt 1 durchgeführt, nach dem Neustart wurde allerdings nicht gefragt...
anbei die log Datei.

HTML-Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:45 on 27/09/2011 (Davide)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


MoThePo 27.09.2011 22:04

Hallo Arne,

anbei die 1.OTL-Log-Datei.

OTL Logfile:
Code:

OTL logfile created on: 27.09.2011 20:49:24 - Run 3
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Dokumente und Einstellungen\Davide\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,05 Mb Total Physical Memory | 615,20 Mb Available Physical Memory | 60,67% Memory free
2,38 Gb Paging File | 1,89 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,87 Gb Total Space | 3,76 Gb Free Space | 8,38% Space Free | Partition Type: NTFS
Drive D: | 45,34 Gb Total Space | 13,89 Gb Free Space | 30,64% Space Free | Partition Type: FAT32
 
Computer Name: DAVID | User Name: Davide | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Davide\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Acer\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\ePM\epm-dm.exe (Acer Inc)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\ICQLite\ICQLiteShell.dll ()
MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) --  File not found
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (SLEE_14_DRIVER) -- C:\WINDOWS\system32\drivers\sleen14.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (int15.sys) -- C:\Programme\Acer\eRecovery\int15.sys ()
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.search.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.search.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.07 18:55:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.18 10:14:08 | 000,000,000 | ---D | M]
 
[2010.12.30 19:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Extensions
[2011.09.27 19:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions
[2011.01.02 22:24:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.14 21:36:44 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2011.08.27 12:51:15 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.30 16:45:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.27 19:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\staged
[2011.08.31 18:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.15 21:54:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.31 18:15:43 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2008.12.13 11:59:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.08.31 18:15:44 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
[2011.09.07 18:55:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.21 21:35:15 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.21 21:35:15 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.06.21 21:35:15 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.21 21:35:15 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.21 21:35:14 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.21 21:35:14 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.30 21:33:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2011\mshaktuell.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210758766421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B609F86B-10E2-4A5B-942F-9E2400C49712}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.08.24 07:54:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {98854BA6-325E-4D6C-F7A3-F1CD88C3DB15} - Viewpoint Media Player
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{B21AAF69-92EC-4995-A522-25789E9E66A9} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk -  - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME\TomTomHOME.exe (TomTom)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.27 19:51:29 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Davide\Desktop\OTL.exe
[2011.09.21 20:40:08 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Davide\Recent
[2011.09.16 18:11:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.09.03 12:17:13 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011.08.31 18:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Search Settings
[2011.08.31 18:15:43 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2011.08.31 18:15:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2011.08.31 18:15:42 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.27 20:04:42 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.09.27 19:51:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Davide\Desktop\OTL.exe
[2011.09.27 19:38:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Davide\defogger_reenable
[2011.09.27 19:37:29 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Davide\Desktop\Defogger.exe
[2011.09.27 19:16:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.09.27 19:12:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.27 19:11:47 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.27 19:06:10 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Davide\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.27 18:47:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.09.27 18:30:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.09.21 20:36:13 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.09.16 21:27:02 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.16 19:26:35 | 000,437,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.09.16 19:26:35 | 000,069,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.09.16 19:26:34 | 000,454,224 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.09.16 19:26:34 | 000,082,620 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.09.16 17:34:43 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.09.09 11:11:59 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.27 19:38:22 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Davide\defogger_reenable
[2011.09.27 19:37:28 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Davide\Desktop\Defogger.exe
[2011.04.16 00:51:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.02.27 23:49:02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.01 12:38:38 | 000,000,620 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2010.12.30 19:13:43 | 000,001,618 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010.12.30 18:37:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.12.30 18:37:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.12.30 18:37:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.12.30 18:37:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.12.30 18:37:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.17 22:40:10 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010.01.22 20:17:36 | 000,022,075 | ---- | C] () -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2009.11.27 22:39:31 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008.07.29 19:23:02 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2008.05.23 08:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.05.23 08:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.03.28 18:12:11 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.03.28 18:12:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008.03.28 18:12:11 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008.03.28 18:12:10 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.03.12 14:16:37 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.10.21 23:46:23 | 000,021,431 | ---- | C] () -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\mdb.bin
[2007.03.01 16:02:01 | 000,092,240 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007.03.01 16:02:01 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007.03.01 16:02:01 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007.03.01 16:02:01 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007.03.01 16:02:01 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007.03.01 16:02:01 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007.03.01 16:02:01 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007.03.01 16:02:01 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007.03.01 16:02:01 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007.03.01 16:02:01 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007.03.01 16:02:01 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007.03.01 16:02:01 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007.03.01 16:02:01 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007.03.01 16:02:01 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007.03.01 16:02:01 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007.03.01 16:02:01 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007.03.01 16:02:01 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007.03.01 15:43:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX3800G.ini
[2006.08.30 15:01:19 | 000,008,802 | R--- | C] () -- C:\WINDOWS\AmvTransform.ini
[2006.08.30 15:01:19 | 000,007,763 | R--- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2006.08.30 14:59:01 | 000,005,870 | R--- | C] () -- C:\WINDOWS\GenAmvTool.INI
[2006.08.30 14:59:00 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006.08.30 14:59:00 | 000,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006.08.30 14:59:00 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006.07.12 16:07:17 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006.03.05 18:56:38 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006.03.05 18:56:31 | 000,003,287 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.02.28 11:02:09 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006.02.28 11:02:09 | 000,017,867 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006.02.25 18:32:37 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006.02.24 11:50:43 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.23 03:25:28 | 000,005,993 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006.02.23 03:14:13 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006.02.23 03:11:43 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2006.01.30 06:05:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.23 23:32:58 | 000,033,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Davide\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.01.22 00:28:24 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.01.21 01:59:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006.01.21 01:57:48 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI
[2006.01.21 01:54:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2005.08.24 12:53:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005.08.24 12:33:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.08.24 12:16:44 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.08.24 12:16:43 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005.08.24 07:54:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.08.24 07:54:42 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2005.08.24 07:54:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.08.24 07:54:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.08.24 07:54:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.08.24 07:54:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.08.24 07:48:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.08.24 07:42:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\PowerOption.exe
[2005.08.24 07:42:15 | 000,000,750 | ---- | C] () -- C:\WINDOWS\PowerOption.ini
[2005.08.24 07:41:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2005.08.24 07:40:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.08.24 07:35:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.08.24 07:34:41 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.08.24 07:30:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.08.24 07:29:50 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.08.24 07:24:43 | 000,454,224 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.08.24 07:24:43 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2005.08.24 07:24:43 | 000,082,620 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.08.24 07:24:43 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2005.08.24 07:24:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005.08.24 07:24:23 | 000,437,178 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.08.24 07:24:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005.08.24 07:24:23 | 000,069,404 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.08.24 07:24:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005.08.24 07:24:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.08.24 07:24:20 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005.08.24 07:24:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.08.24 07:24:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005.08.24 07:24:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005.08.24 07:24:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005.08.24 07:23:51 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005.08.09 21:34:56 | 000,002,772 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[2004.08.25 21:48:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.04.01 19:45:50 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2001.12.26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001.06.29 03:21:22 | 000,126,976 | ---- | C] () -- C:\WINDOWS\MKICON.EXE
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.08.06 01:14:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\!SASCORE
[2011.02.01 12:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2007.03.03 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.02.02 16:52:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.09.29 18:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gadu-Gadu 10
[2007.09.23 15:05:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2009.02.08 21:52:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2007.03.01 16:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2010.05.25 01:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.14 20:08:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.08.08 19:32:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011.02.01 12:37:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Buhl Data Service
[2008.03.31 18:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\cbuenger
[2010.08.17 21:58:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\CheckPoint
[2007.06.01 09:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Design Science
[2010.12.30 16:45:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\DVDVideoSoftIEHelpers
[2007.03.06 19:30:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\EPSON
[2010.09.29 18:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Gadu-Gadu 10
[2006.02.24 20:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\ICQ
[2006.12.06 15:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\ICQ Toolbar
[2006.02.27 17:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\ICQLite
[2006.03.14 05:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Leadertech
[2011.04.16 06:47:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\pdfforge
[2011.08.31 18:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Search Settings
[2008.11.14 23:28:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2006.01.21 01:51:24 | 000,000,000 | ---D | M] -- C:\Acer
[2005.07.08 11:17:26 | 000,000,000 | ---D | M] -- C:\Book
[2008.05.11 16:01:44 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2010.12.30 21:28:32 | 000,000,000 | ---D | M] -- C:\cofi.exe
[2011.09.16 19:16:17 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.02.28 12:29:50 | 000,000,000 | ---D | M] -- C:\Converted Music
[2008.03.28 18:12:32 | 000,000,000 | ---D | M] -- C:\ConverterOutput
[2005.08.24 07:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2004.08.04 06:00:00 | 000,000,000 | ---D | M] -- C:\dotnetfx
[2008.04.06 13:53:36 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2007.09.26 17:52:32 | 000,000,000 | ---D | M] -- C:\FFW
[2008.03.20 13:27:34 | 000,000,000 | ---D | M] -- C:\FOUND.000
[2008.04.08 15:06:32 | 000,000,000 | ---D | M] -- C:\FOUND.001
[2008.09.15 04:18:40 | 000,000,000 | ---D | M] -- C:\FOUND.002
[2008.11.18 18:49:30 | 000,000,000 | ---D | M] -- C:\FOUND.003
[2010.01.08 18:53:38 | 000,000,000 | ---D | M] -- C:\FOUND.004
[2010.03.28 23:02:54 | 000,000,000 | ---D | M] -- C:\FOUND.005
[2011.08.11 23:02:17 | 000,000,000 | ---D | M] -- C:\i386
[2005.08.24 12:54:48 | 000,000,000 | ---D | M] -- C:\My Music
[2005.08.24 12:06:32 | 000,000,000 | ---D | M] -- C:\MyWorks
[2006.02.23 03:11:34 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.08.31 18:15:43 | 000,000,000 | R--D | M] -- C:\Programme
[2010.12.30 18:29:18 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.12.30 23:07:02 | 000,000,000 | -HSD | M] -- C:\Recycled
[2010.12.30 23:24:31 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.12.29 18:35:56 | 000,000,000 | ---D | M] -- C:\rsit
[2005.07.08 11:17:26 | 000,000,000 | ---D | M] -- C:\Sysinfo
[2010.12.30 21:02:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006.02.28 01:55:48 | 000,000,000 | ---D | M] -- C:\Temp
[2006.01.22 00:59:16 | 000,000,000 | ---D | M] -- C:\UnZipper
[2007.02.21 15:51:50 | 000,000,000 | ---D | M] -- C:\USB_DR
[2007.02.21 15:38:52 | 000,000,000 | ---D | M] -- C:\USB_DRV
[2004.08.04 06:00:00 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2011.09.22 20:19:42 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[50 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 06:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 16:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 16:21:46 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 06:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 12:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 12:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 12:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 12:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 12:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 12:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 12:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 12:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 16:12:46

< End of report >

--- --- ---


2.Log Datei
OTL Logfile:
Code:

OTL Extras logfile created on: 27.09.2011 20:49:24 - Run 3
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Dokumente und Einstellungen\Davide\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,05 Mb Total Physical Memory | 615,20 Mb Available Physical Memory | 60,67% Memory free
2,38 Gb Paging File | 1,89 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,87 Gb Total Space | 3,76 Gb Free Space | 8,38% Space Free | Partition Type: NTFS
Drive D: | 45,34 Gb Total Space | 13,89 Gb Free Space | 30,64% Space Free | Partition Type: FAT32
 
Computer Name: DAVID | User Name: Davide | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Acer\Acer Arcade\PCMService.exe" = C:\Programme\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{43DDC07F-2867-4407-B4FF-28EB7BA6A846}" = Steganos Live Encryption Engine 14
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Professional 2002
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNetManagement
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025008F" = HDAUDIO Soft Voice Modem with SmartCP
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"Gadu-Gadu 10" = Gadu-Gadu 10
"ICQLite" = ICQ 5.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"LIDL Fotoservice_is1" = LIDL Fotoservice
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"QcDrv" = Logitech® Camera-Treiber
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.09.2011 13:01:31 | Computer Name = DAVID | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
 {02D4B3F1-FD88-11D1-960D-00805FC79235}  Serveranwendungsinstanz-ID:  {5C2D9081-6668-4BF6-84AA-A5FE2BAA19B4}
Serveranwendungsname:
 System Application  Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
 = 0x8000ffff: Schwerwiegender Fehler  COM+-Dienste - interne Informationen:  Datei:
 f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000  Dateiversion
 von 'Comsvcs.dll': ENU 2001.12.4414.702 s
 
Error - 27.09.2011 13:02:32 | Computer Name = DAVID | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
 {02D4B3F1-FD88-11D1-960D-00805FC79235}  Serveranwendungsinstanz-ID:  {BECFC279-B095-4C3D-A264-A68ACAA9C159}
Serveranwendungsname:
 System Application  Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
 = 0x8000ffff: Schwerwiegender Fehler  COM+-Dienste - interne Informationen:  Datei:
 f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000  Dateiversion
 von 'Comsvcs.dll': ENU 2001.12.4414.702 s
 
Error - 27.09.2011 13:03:51 | Computer Name = DAVID | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
 {02D4B3F1-FD88-11D1-960D-00805FC79235}  Serveranwendungsinstanz-ID:  {ADA321A5-4009-4B25-918A-C1D1F73B61C4}
Serveranwendungsname:
 System Application  Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
 = 0x8000ffff: Schwerwiegender Fehler  COM+-Dienste - interne Informationen:  Datei:
 f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000  Dateiversion
 von 'Comsvcs.dll': ENU 2001.12.4414.702 s
 
Error - 27.09.2011 13:04:07 | Computer Name = DAVID | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
 {02D4B3F1-FD88-11D1-960D-00805FC79235}  Serveranwendungsinstanz-ID:  {1AC3E509-0BEB-41AD-93CC-A593EE92B61D}
Serveranwendungsname:
 System Application  Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
 = 0x8000ffff: Schwerwiegender Fehler  COM+-Dienste - interne Informationen:  Datei:
 f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000  Dateiversion
 von 'Comsvcs.dll': ENU 2001.12.4414.702 s
 
Error - 27.09.2011 13:10:17 | Computer Name = DAVID | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
 {02D4B3F1-FD88-11D1-960D-00805FC79235}  Serveranwendungsinstanz-ID:  {6EA5BA95-E962-4A0A-977A-21746B256CDB}
Serveranwendungsname:
 System Application  Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
 = 0x8000ffff: Schwerwiegender Fehler  COM+-Dienste - interne Informationen:  Datei:
 f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000  Dateiversion
 von 'Comsvcs.dll': ENU 2001.12.4414.702 s
 
Error - 27.09.2011 13:10:17 | Computer Name = DAVID | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
 Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
 wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
 die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
 in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005: InitEventCollector
 fail
 
Error - 27.09.2011 13:10:17 | Computer Name = DAVID | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005] ist ein Fehler aufgetreten.
 
Error - 27.09.2011 13:10:22 | Computer Name = DAVID | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
 {02D4B3F1-FD88-11D1-960D-00805FC79235}  Serveranwendungsinstanz-ID:  {A53C2499-4166-4391-A4C3-E423363AFC84}
Serveranwendungsname:
 System Application  Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
 = 0x8000ffff: Schwerwiegender Fehler  COM+-Dienste - interne Informationen:  Datei:
 f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000  Dateiversion
 von 'Comsvcs.dll': ENU 2001.12.4414.702 s
 
Error - 27.09.2011 13:18:26 | Computer Name = DAVID | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 27.09.2011 13:29:35 | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.2.4262, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 27.09.2011 13:03:52 | Computer Name = DAVID | Source = Service Control Manager | ID = 7031
Description = Der Dienst "COM+-Systemanwendung" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 27.09.2011 13:04:08 | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
Description = Dienst "COM+-Systemanwendung" wurde unerwartet beendet. Dies ist bereits
 3 Mal passiert.
 
Error - 27.09.2011 13:10:21 | Computer Name = DAVID | Source = Service Control Manager | ID = 7031
Description = Der Dienst "COM+-Systemanwendung" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 27.09.2011 13:10:22 | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
Description = Dienst "MS Software Shadow Copy Provider" wurde unerwartet beendet.
 Dies ist bereits 2 Mal passiert.
 
Error - 27.09.2011 13:10:23 | Computer Name = DAVID | Source = Service Control Manager | ID = 7031
Description = Der Dienst "COM+-Systemanwendung" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 27.09.2011 13:15:12 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 27.09.2011 13:17:47 | Computer Name = DAVID | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 27.09.2011 13:17:47 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 27.09.2011 13:18:26 | Computer Name = DAVID | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 27.09.2011 13:18:26 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >

--- --- ---


GMER
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-27 22:50:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 TOSHIBA_MK1031GAS rev.AA204A
Running: wm9rglxs.exe; Driver: C:\DOKUME~1\Davide\LOKALE~1\Temp\pgldapod.sys


---- System - GMER 1.0.15 ----

SSDT            F7B0E376                                                                                                  ZwCreateKey
SSDT            F7B0E36C                                                                                                  ZwCreateThread
SSDT            F7B0E37B                                                                                                  ZwDeleteKey
SSDT            F7B0E385                                                                                                  ZwDeleteValueKey
SSDT            F7B0E38A                                                                                                  ZwLoadKey
SSDT            F7B0E358                                                                                                  ZwOpenProcess
SSDT            F7B0E35D                                                                                                  ZwOpenThread
SSDT            F7B0E394                                                                                                  ZwReplaceKey
SSDT            F7B0E38F                                                                                                  ZwRestoreKey
SSDT            F7B0E380                                                                                                  ZwSetValueKey
SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xAA006640]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                    SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                    SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---


Was kann ich als nächstes tun?

DANKE!!!

Gruß
Moni

cosinus 27.09.2011 22:34

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


MoThePo 29.09.2011 06:05

Hallo Arne,

anbei die neuste LOG Datei von Malware sowie 2 ältere.

HTML-Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7818

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

28.09.2011 23:47:04
mbam-log-2011-09-28 (23-47-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 246323
Laufzeit: 5 Stunde(n), 17 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


HTML-Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7729

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

16.09.2011 22:29:49
mbam-log-2011-09-16 (22-29-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 245137
Laufzeit: 1 Stunde(n), 1 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

HTML-Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7621

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

31.08.2011 21:36:12
mbam-log-2011-08-31 (21-36-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 252708
Laufzeit: 1 Stunde(n), 21 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
c:\programme\pdfforge toolbar\IE\4.6\pdfforgetoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll.6 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8aeb2247-8163-4a3e-8912-821f95b85c3a}\RP965\A0185396.rbf (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8aeb2247-8163-4a3e-8912-821f95b85c3a}\RP987\A0187264.rbf (PUP.Dealio.TB) -> Quarantined and deleted successfully.

Eset lasse ich später laufe...

Gruß
Moni

MoThePo 30.09.2011 06:13

Hallo Arne,

anbei die Log Datei von ESET.

HTML-Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e7211f8245d65341bf1c892d9361b559
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-30 02:07:54
# local_time=2011-09-30 04:07:54 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 106906126 106906126 0 0
# compatibility_mode=1797 16775129 100 100 185418 92219404 177737 0
# compatibility_mode=8192 67108863 100 0 2252 2252 0 0
# scanned=81756
# found=3
# cleaned=0
# scan_time=22041
C:\Programme\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
${Memory}        a variant of Win32/Adware.Toolbar.Dealio application        00000000000000000000000000000000        I

Wie gehts nun weiter?
Danke für deine Hilfe.

Gruß
Moni

cosinus 30.09.2011 08:59

Zitat:

Leerlaufprozess bei 98% CPU Auslastung
Was das bedeutet weiß du mittlerweile?
Leerlauf bei x% => Auslastung des Systems wäre dann (100-x)%

In deinem Fall wäre die Gesamtauslastung bei mikirgen 2%, da der Recher zu 98% ist Leerlauf ist.




Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:

:OTL
PRC - C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://de.search.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://de.search.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
[2011.08.27 12:51:15 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.30 16:45:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.31 18:15:44 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
[2011.08.31 18:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Search Settings
[2011.08.31 18:15:43 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2011.08.31 18:15:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2011.08.31 18:15:42 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2008.03.20 13:27:34 | 000,000,000 | ---D | M] -- C:\FOUND.000
[2008.04.08 15:06:32 | 000,000,000 | ---D | M] -- C:\FOUND.001
[2008.09.15 04:18:40 | 000,000,000 | ---D | M] -- C:\FOUND.002
[2008.11.18 18:49:30 | 000,000,000 | ---D | M] -- C:\FOUND.003
[2010.01.08 18:53:38 | 000,000,000 | ---D | M] -- C:\FOUND.004
[2010.03.28 23:02:54 | 000,000,000 | ---D | M] -- C:\FOUND.005
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

MoThePo 30.09.2011 17:11

Hallo Arne,

so ungefähr habe ich das mit der Auslastung gemeint ;-)

Anbei die Log Datei

HTML-Code:

All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
No active process named ApplicationUpdater.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\tbDVDV.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: "chrome://browser-region/locale/region.properties" removed from keyword.URL
Folder C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Mozilla\Firefox\Profiles\34vhjdd8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Search Settings\temp folder moved successfully.
C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Search Settings\res folder moved successfully.
C:\Dokumente und Einstellungen\Davide\Anwendungsdaten\Search Settings folder moved successfully.
C:\Programme\Application Updater folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
C:\Programme\pdfforge Toolbar\Res folder moved successfully.
C:\Programme\pdfforge Toolbar\IE\4.6 folder moved successfully.
C:\Programme\pdfforge Toolbar\IE folder moved successfully.
C:\Programme\pdfforge Toolbar folder moved successfully.
C:\FOUND.000 folder moved successfully.
C:\FOUND.001 folder moved successfully.
C:\FOUND.002 folder moved successfully.
C:\FOUND.003 folder moved successfully.
C:\FOUND.004 folder moved successfully.
C:\FOUND.005 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Moni
->Temp folder emptied: 4085911 bytes
->Temporary Internet Files folder emptied: 12406414 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 186196510 bytes
->Flash cache emptied: 2466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8220317 bytes
->Flash cache emptied: 1692 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Flash cache emptied: 819 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 21350314 bytes
%systemroot%\System32\dllcache .tmp files removed: 18800640 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 240,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 09302011_174847

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Was muss ich nun machen?

Vielen DANK ARNE!

Gruß
Moni

cosinus 30.09.2011 18:22

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

MoThePo 30.09.2011 23:07

Hallo Arne,

habe das Programm laufen lassen. Nach dem Durchlauf habe ich allerdings zuvor-eilig die 14 gefundenen threats als "delete" markiert. Den Rechner habe ich nochmals neu starten lassen. Jetzt kann ich nur noch die log file mit 0 threats posten...sorry!!!

HTML-Code:

23:58:04.0453 1936        TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
23:58:05.0468 1936        ============================================================
23:58:05.0468 1936        Current date / time: 2011/09/30 23:58:05.0468
23:58:05.0468 1936        SystemInfo:
23:58:05.0468 1936       
23:58:05.0468 1936        OS Version: 5.1.2600 ServicePack: 3.0
23:58:05.0468 1936        Product type: Workstation
23:58:05.0468 1936        ComputerName: DAVID
23:58:05.0468 1936        UserName: Davide
23:58:05.0468 1936        Windows directory: C:\WINDOWS
23:58:05.0468 1936        System windows directory: C:\WINDOWS
23:58:05.0468 1936        Processor architecture: Intel x86
23:58:05.0468 1936        Number of processors: 1
23:58:05.0468 1936        Page size: 0x1000
23:58:05.0468 1936        Boot type: Normal boot
23:58:05.0468 1936        ============================================================
23:58:08.0781 1936        Initialize success
23:58:22.0031 0204        ============================================================
23:58:22.0031 0204        Scan started
23:58:22.0031 0204        Mode: Manual;
23:58:22.0031 0204        ============================================================
23:58:23.0593 0204        Abiosdsk - ok
23:58:24.0140 0204        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:58:24.0171 0204        abp480n5 - ok
23:58:25.0156 0204        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:58:25.0500 0204        ACPI - ok
23:58:25.0937 0204        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:58:25.0953 0204        ACPIEC - ok
23:58:26.0750 0204        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:58:26.0812 0204        adpu160m - ok
23:58:27.0890 0204        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:58:28.0296 0204        aec - ok
23:58:31.0093 0204        AFD            (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
23:58:31.0250 0204        AFD - ok
23:58:33.0437 0204        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:58:33.0937 0204        agp440 - ok
23:58:36.0171 0204        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:58:37.0234 0204        agpCPQ - ok
23:58:39.0921 0204        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:58:40.0671 0204        Aha154x - ok
23:58:42.0968 0204        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:58:43.0687 0204        aic78u2 - ok
23:58:45.0734 0204        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:58:46.0265 0204        aic78xx - ok
23:58:47.0843 0204        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:58:48.0343 0204        AliIde - ok
23:58:49.0812 0204        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:58:50.0390 0204        alim1541 - ok
23:58:51.0093 0204        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:58:51.0390 0204        amdagp - ok
23:58:51.0921 0204        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:58:51.0937 0204        amsint - ok
23:58:52.0968 0204        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:58:53.0046 0204        asc - ok
23:58:54.0203 0204        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:58:54.0250 0204        asc3350p - ok
23:58:54.0906 0204        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:58:54.0921 0204        asc3550 - ok
23:58:55.0625 0204        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:58:55.0625 0204        AsyncMac - ok
23:58:56.0140 0204        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:58:56.0140 0204        atapi - ok
23:58:56.0859 0204        Atdisk - ok
23:58:57.0328 0204        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:58:57.0765 0204        Atmarpc - ok
23:58:58.0343 0204        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:58:58.0390 0204        audstub - ok
23:58:59.0171 0204        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
23:58:59.0187 0204        avgio - ok
23:59:00.0281 0204        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:59:00.0390 0204        avgntflt - ok
23:59:01.0234 0204        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:59:01.0328 0204        avipbb - ok
23:59:02.0062 0204        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:59:02.0078 0204        Beep - ok
23:59:02.0093 0204        catchme - ok
23:59:02.0890 0204        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:59:02.0906 0204        cbidf - ok
23:59:03.0328 0204        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:59:03.0328 0204        cbidf2k - ok
23:59:04.0093 0204        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:59:04.0140 0204        CCDECODE - ok
23:59:05.0078 0204        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:59:05.0156 0204        cd20xrnt - ok
23:59:06.0078 0204        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:59:06.0093 0204        Cdaudio - ok
23:59:06.0578 0204        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:59:06.0609 0204        Cdfs - ok
23:59:07.0343 0204        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:59:07.0390 0204        Cdrom - ok
23:59:08.0046 0204        Changer - ok
23:59:08.0500 0204        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:59:08.0515 0204        CmBatt - ok
23:59:09.0234 0204        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:59:09.0250 0204        CmdIde - ok
23:59:09.0703 0204        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:59:09.0718 0204        Compbatt - ok
23:59:10.0437 0204        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:59:10.0453 0204        Cpqarray - ok
23:59:11.0015 0204        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:59:11.0140 0204        dac2w2k - ok
23:59:11.0828 0204        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:59:11.0843 0204        dac960nt - ok
23:59:12.0515 0204        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:59:12.0562 0204        Disk - ok
23:59:13.0796 0204        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
23:59:14.0281 0204        dmboot - ok
23:59:15.0062 0204        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
23:59:15.0156 0204        dmio - ok
23:59:15.0843 0204        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:59:15.0843 0204        dmload - ok
23:59:16.0312 0204        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:59:16.0359 0204        DMusic - ok
23:59:17.0125 0204        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:59:17.0140 0204        dpti2o - ok
23:59:17.0812 0204        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:59:17.0828 0204        drmkaud - ok
23:59:18.0406 0204        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:59:18.0500 0204        Fastfat - ok
23:59:19.0203 0204        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:59:19.0250 0204        Fdc - ok
23:59:19.0968 0204        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
23:59:20.0000 0204        Fips - ok
23:59:20.0453 0204        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:59:20.0468 0204        Flpydisk - ok
23:59:21.0218 0204        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:59:21.0312 0204        FltMgr - ok
23:59:22.0234 0204        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:59:22.0312 0204        Fs_Rec - ok
23:59:24.0046 0204        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:59:24.0375 0204        Ftdisk - ok
23:59:25.0859 0204        GEARAspiWDM    (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:59:26.0265 0204        GEARAspiWDM - ok
23:59:27.0718 0204        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:59:27.0875 0204        Gpc - ok
23:59:30.0265 0204        HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
23:59:30.0531 0204        HdAudAddService - ok
23:59:32.0093 0204        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:59:32.0406 0204        HDAudBus - ok
23:59:34.0437 0204        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:59:34.0703 0204        HidUsb - ok
23:59:36.0218 0204        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:59:36.0406 0204        hpn - ok
23:59:38.0546 0204        HSFHWAZL        (aedb219413121f3aefce69e564239a53) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:59:38.0671 0204        HSFHWAZL - ok
23:59:41.0093 0204        HSF_DPV        (5e49b0dbe883f3473bc9916b5551859a) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:59:42.0000 0204        HSF_DPV - ok
23:59:42.0921 0204        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:59:43.0078 0204        HTTP - ok
23:59:43.0750 0204        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:59:43.0750 0204        i2omgmt - ok
23:59:44.0187 0204        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:59:44.0218 0204        i2omp - ok
23:59:44.0921 0204        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:59:44.0953 0204        i8042prt - ok
23:59:46.0328 0204        ialm            (4007984827e19e6a5b6faf8532eaefba) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:59:47.0203 0204        ialm - ok
23:59:48.0015 0204        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:59:48.0046 0204        Imapi - ok
23:59:48.0453 0204        InCDFs - ok
23:59:49.0109 0204        InCDPass - ok
23:59:49.0515 0204        InCDRm - ok
23:59:50.0265 0204        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:59:50.0343 0204        ini910u - ok
23:59:50.0531 0204        int15.sys      (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Programme\Acer\eRecovery\int15.sys
23:59:50.0578 0204        int15.sys - ok
23:59:56.0031 0204        IntcAzAudAddService (8443479648f804445e9dafef0f219231) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:59:59.0500 0204        IntcAzAudAddService - ok
00:00:00.0437 0204        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:00:00.0437 0204        IntelIde - ok
00:00:00.0890 0204        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:00:00.0921 0204        intelppm - ok
00:00:01.0625 0204        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:00:01.0656 0204        Ip6Fw - ok
00:00:02.0093 0204        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:00:02.0359 0204        IpFilterDriver - ok
00:00:02.0812 0204        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:00:02.0828 0204        IpInIp - ok
00:00:03.0609 0204        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:00:03.0703 0204        IpNat - ok
00:00:04.0328 0204        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:00:04.0375 0204        IPSec - ok
00:00:05.0187 0204        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:00:05.0203 0204        IRENUM - ok
00:00:05.0921 0204        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:00:05.0953 0204        isapnp - ok
00:00:06.0421 0204        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:00:06.0453 0204        Kbdclass - ok
00:00:07.0281 0204        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:00:07.0406 0204        kmixer - ok
00:00:08.0203 0204        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:00:08.0265 0204        KSecDD - ok
00:00:08.0765 0204        Lbd            (713cd5267abfb86fe90a72e384e82a38) C:\WINDOWS\system32\DRIVERS\Lbd.sys
00:00:09.0156 0204        Lbd - ok
00:00:09.0562 0204        lbrtfdc - ok
00:00:10.0281 0204        LVUSBSta        (a730fc8671a60666d6e877c544dd7cd4) C:\WINDOWS\system32\drivers\lvusbsta.sys
00:00:10.0312 0204        LVUSBSta - ok
00:00:10.0781 0204        mdmxsdk        (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:00:10.0796 0204        mdmxsdk - ok
00:00:11.0562 0204        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:00:11.0562 0204        mnmdd - ok
00:00:12.0343 0204        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
00:00:12.0468 0204        Modem - ok
00:00:13.0921 0204        MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
00:00:14.0046 0204        MODEMCSA - ok
00:00:15.0796 0204        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:00:15.0875 0204        Mouclass - ok
00:00:17.0984 0204        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:00:18.0171 0204        mouhid - ok
00:00:20.0234 0204        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:00:20.0687 0204        MountMgr - ok
00:00:22.0281 0204        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:00:22.0734 0204        mraid35x - ok
00:00:24.0515 0204        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:00:25.0000 0204        MRxDAV - ok
00:00:27.0250 0204        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:00:28.0937 0204        MRxSmb - ok
00:00:30.0406 0204        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:00:30.0468 0204        Msfs - ok
00:00:32.0062 0204        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:00:32.0062 0204        MSKSSRV - ok
00:00:32.0515 0204        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:00:32.0515 0204        MSPCLOCK - ok
00:00:33.0171 0204        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:00:33.0187 0204        MSPQM - ok
00:00:33.0656 0204        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:00:33.0656 0204        mssmbios - ok
00:00:34.0328 0204        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:00:34.0343 0204        MSTEE - ok
00:00:34.0875 0204        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:00:34.0953 0204        Mup - ok
00:00:35.0687 0204        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:00:35.0750 0204        NABTSFEC - ok
00:00:36.0546 0204        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:00:36.0671 0204        NDIS - ok
00:00:37.0125 0204        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:00:37.0125 0204        NdisIP - ok
00:00:37.0984 0204        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:00:38.0000 0204        NdisTapi - ok
00:00:38.0656 0204        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:00:38.0671 0204        Ndisuio - ok
00:00:39.0171 0204        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:00:39.0234 0204        NdisWan - ok
00:00:39.0953 0204        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:00:39.0984 0204        NDProxy - ok
00:00:40.0703 0204        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:00:40.0734 0204        NetBIOS - ok
00:00:41.0234 0204        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:00:41.0343 0204        NetBT - ok
00:00:42.0046 0204        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:00:42.0062 0204        Npfs - ok
00:00:43.0156 0204        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:00:43.0515 0204        Ntfs - ok
00:00:43.0578 0204        NTIDrvr - ok
00:00:44.0343 0204        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:00:44.0359 0204        Null - ok
00:00:45.0046 0204        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:00:45.0062 0204        NwlnkFlt - ok
00:00:45.0531 0204        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:00:45.0562 0204        NwlnkFwd - ok
00:00:46.0296 0204        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
00:00:46.0359 0204        Parport - ok
00:00:46.0828 0204        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:00:46.0843 0204        PartMgr - ok
00:00:47.0593 0204        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
00:00:47.0609 0204        ParVdm - ok
00:00:48.0328 0204        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
00:00:48.0390 0204        PCI - ok
00:00:49.0046 0204        PCIDump - ok
00:00:49.0734 0204        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:00:49.0734 0204        PCIIde - ok
00:00:50.0500 0204        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
00:00:50.0609 0204        Pcmcia - ok
00:00:51.0468 0204        PDCOMP - ok
00:00:52.0062 0204        PDFRAME - ok
00:00:52.0843 0204        PDRELI - ok
00:00:53.0343 0204        PDRFRAME - ok
00:00:54.0156 0204        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:00:54.0171 0204        perc2 - ok
00:00:54.0656 0204        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:00:54.0671 0204        perc2hib - ok
00:00:55.0531 0204        PID_0928        (5bd2c6d982481d548107c602e7ccfbbc) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
00:00:55.0671 0204        PID_0928 - ok
00:00:56.0421 0204        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:00:56.0468 0204        PptpMiniport - ok
00:00:57.0203 0204        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:00:57.0250 0204        PSched - ok
00:00:57.0687 0204        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:00:57.0703 0204        Ptilink - ok
00:00:58.0484 0204        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:00:58.0531 0204        PxHelp20 - ok
00:00:59.0625 0204        QCDonner        (5e272eaad04e80354e0c484cc3cfd3cc) C:\WINDOWS\system32\DRIVERS\LVCD.sys
00:00:59.0906 0204        QCDonner - ok
00:01:00.0625 0204        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:01:00.0687 0204        ql1080 - ok
00:01:01.0156 0204        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:01:01.0171 0204        Ql10wnt - ok
00:01:01.0890 0204        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:01:01.0921 0204        ql12160 - ok
00:01:02.0687 0204        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:01:02.0718 0204        ql1240 - ok
00:01:03.0187 0204        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:01:03.0234 0204        ql1280 - ok
00:01:03.0937 0204        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:01:03.0953 0204        RasAcd - ok
00:01:04.0406 0204        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:01:04.0437 0204        Rasl2tp - ok
00:01:05.0140 0204        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:01:05.0171 0204        RasPppoe - ok
00:01:05.0625 0204        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:01:05.0734 0204        Raspti - ok
00:01:07.0078 0204        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:01:07.0203 0204        Rdbss - ok
00:01:08.0875 0204        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:01:08.0921 0204        RDPCDD - ok
00:01:10.0750 0204        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:01:11.0078 0204        rdpdr - ok
00:01:13.0562 0204        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:01:13.0656 0204        RDPWD - ok
00:01:15.0312 0204        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:01:15.0781 0204        redbook - ok
00:01:15.0796 0204        rpcapd - ok
00:01:17.0515 0204        RTL8023xp      (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
00:01:17.0843 0204        RTL8023xp - ok
00:01:19.0734 0204        s116bus        (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
00:01:20.0156 0204        s116bus - ok
00:01:22.0015 0204        s116mdfl        (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
00:01:22.0187 0204        s116mdfl - ok
00:01:24.0156 0204        s116mdm        (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
00:01:24.0453 0204        s116mdm - ok
00:01:25.0453 0204        s116mgmt        (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
00:01:25.0515 0204        s116mgmt - ok
00:01:26.0187 0204        s116nd5        (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
00:01:26.0203 0204        s116nd5 - ok
00:01:26.0687 0204        s116obex        (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
00:01:26.0750 0204        s116obex - ok
00:01:27.0484 0204        s116unic        (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
00:01:27.0546 0204        s116unic - ok
00:01:27.0671 0204        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
00:01:27.0671 0204        SASDIFSV - ok
00:01:27.0796 0204        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
00:01:27.0796 0204        SASKUTIL - ok
00:01:28.0578 0204        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:01:28.0593 0204        Secdrv - ok
00:01:29.0312 0204        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
00:01:29.0359 0204        Serial - ok
00:01:29.0796 0204        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
00:01:29.0812 0204        Sfloppy - ok
00:01:30.0437 0204        Simbad - ok
00:01:30.0921 0204        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:01:30.0953 0204        sisagp - ok
00:01:31.0703 0204        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:01:31.0703 0204        SLIP - ok
00:01:32.0140 0204        sonypvs1 - ok
00:01:32.0843 0204        SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
00:01:32.0843 0204        SONYPVU1 - ok
00:01:33.0546 0204        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:01:33.0562 0204        Sparrow - ok
00:01:34.0000 0204        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:01:34.0015 0204        splitter - ok
00:01:34.0750 0204        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
00:01:34.0796 0204        sr - ok
00:01:35.0750 0204        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:01:35.0968 0204        Srv - ok
00:01:36.0796 0204        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
00:01:36.0812 0204        ssmdrv - ok
00:01:37.0250 0204        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:01:37.0265 0204        streamip - ok
00:01:37.0921 0204        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:01:37.0937 0204        swenum - ok
00:01:38.0375 0204        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:01:38.0421 0204        swmidi - ok
00:01:39.0093 0204        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:01:39.0109 0204        symc810 - ok
00:01:39.0796 0204        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:01:39.0828 0204        symc8xx - ok
00:01:40.0359 0204        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:01:40.0390 0204        sym_hi - ok
00:01:41.0062 0204        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:01:41.0093 0204        sym_u3 - ok
00:01:41.0859 0204        SynTP          (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:01:41.0968 0204        SynTP - ok
00:01:42.0437 0204        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:01:42.0484 0204        sysaudio - ok
00:01:43.0359 0204        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:01:43.0578 0204        Tcpip - ok
00:01:44.0406 0204        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:01:44.0421 0204        TDPIPE - ok
00:01:45.0093 0204        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:01:45.0109 0204        TDTCP - ok
00:01:45.0562 0204        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:01:45.0593 0204        TermDD - ok
00:01:46.0281 0204        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
00:01:46.0281 0204        TosIde - ok
00:01:46.0750 0204        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:01:46.0796 0204        Udfs - ok
00:01:47.0578 0204        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:01:47.0609 0204        ultra - ok
00:01:48.0500 0204        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:01:48.0750 0204        Update - ok
00:01:49.0453 0204        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:01:49.0500 0204        usbaudio - ok
00:01:49.0953 0204        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:01:49.0968 0204        usbccgp - ok
00:01:50.0656 0204        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:01:50.0671 0204        usbehci - ok
00:01:51.0218 0204        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:01:51.0265 0204        usbhub - ok
00:01:51.0937 0204        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:01:51.0968 0204        usbprint - ok
00:01:52.0656 0204        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:01:52.0671 0204        usbscan - ok
00:01:53.0109 0204        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:01:53.0125 0204        USBSTOR - ok
00:01:53.0812 0204        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:01:53.0828 0204        usbuhci - ok
00:01:54.0343 0204        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:01:54.0359 0204        VgaSave - ok
00:01:55.0078 0204        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:01:55.0093 0204        viaagp - ok
00:01:55.0765 0204        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:01:55.0781 0204        ViaIde - ok
00:01:56.0234 0204        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
00:01:56.0281 0204        VolSnap - ok
00:02:01.0046 0204        w29n51          (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
00:02:06.0671 0204        w29n51 - ok
00:02:08.0546 0204        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:02:08.0703 0204        Wanarp - ok
00:02:10.0125 0204        wanatw - ok
00:02:11.0078 0204        WDICA - ok
00:02:12.0234 0204        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:02:12.0671 0204        wdmaud - ok
00:02:15.0109 0204        winachsf        (5134064dbd9156f2ae4a2090344bb418) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
00:02:16.0890 0204        winachsf - ok
00:02:18.0375 0204        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
00:02:18.0406 0204        WpdUsb - ok
00:02:19.0171 0204        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:02:19.0187 0204        WS2IFSL - ok
00:02:19.0640 0204        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:02:19.0656 0204        WSTCODEC - ok
00:02:20.0421 0204        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:02:20.0484 0204        WudfPf - ok
00:02:21.0250 0204        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:02:21.0296 0204        WudfRd - ok
00:02:21.0406 0204        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:02:21.0703 0204        \Device\Harddisk0\DR0 - ok
00:02:21.0703 0204        Boot (0x1200)  (71684aee975a3f5529ab353627503c17) \Device\Harddisk0\DR0\Partition0
00:02:21.0703 0204        \Device\Harddisk0\DR0\Partition0 - ok
00:02:21.0734 0204        Boot (0x1200)  (346192453dc3fbbff41895146134cdd7) \Device\Harddisk0\DR0\Partition1
00:02:21.0734 0204        \Device\Harddisk0\DR0\Partition1 - ok
00:02:21.0750 0204        ============================================================
00:02:21.0750 0204        Scan finished
00:02:21.0750 0204        ============================================================
00:02:21.0765 0516        Detected object count: 0
00:02:21.0765 0516        Actual detected object count: 0

Nun lasse ich malware nochmals durchlaufen.

Gruß
Moni

cosinus 30.09.2011 23:15

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

MoThePo 01.10.2011 00:22

Hallo Arne,
anbei die log datei...

was soll ich nun machen...?

Gruß
Moni

cosinus 01.10.2011 20:51

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).


MoThePo 02.10.2011 00:41

Hallo Arne,

wie beschrieben, anbei die log Datei von asw...

HTML-Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-02 01:03:40
-----------------------------
01:03:40.125    OS Version: Windows 5.1.2600 Service Pack 3
01:03:40.125    Number of processors: 1 586 0xD08
01:03:40.125    ComputerName: MONI UserName:
01:03:44.843    Initialize success
01:17:17.671    AVAST engine defs: 11100101
01:35:37.687    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Moni\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-02 01:03:40
-----------------------------
01:03:40.125    OS Version: Windows 5.1.2600 Service Pack 3
01:03:40.125    Number of processors: 1 586 0xD08
01:03:40.125    ComputerName: MONI  UserName:
01:03:44.843    Initialize success
01:17:17.671    AVAST engine defs: 11100101
01:35:37.687    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Moni\Desktop\aswMBR.txt"
01:35:46.265    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Moni\Desktop\aswMBR.txt"

Gruß
Moni


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131