PC plötzlich verlangsamt
 

Hallo Trojaner-Board-Forum-Leute =),

Problem
seit gestern habe ich ein Problem mit dem PC.
Ich habe Windows XP und schon der Anfangsbildschirm, wo "Windows XP" steht wird deutlich länger (~2 Minuten) angezeigt.
Beim online Video gucken ruckelt es und auch der Ton ist irgendwie verzerrt.
Aber auch wenn ich Audiodateien offline anhöre, klingen sie so seltsam.

Ursache?
Gestern hat eine Freundin grooveshark installiert (wollte was hören). Das habe ich aber mittlerweile mithilfe von "Mozilla -> Extras -> Add-ons -> Erweiterungen" entfernt.
Vor einer Weile, hatte ich einen Trojaner. Ich erinner mich nicht genau, habe ihn aber mit dem "Trojan Remover" irgendwie "beseitigt" (oder zum Stillschweigen gebracht :stirn: )
Meine "Sicherheitsprogramme" sind

• AVG Anti-Virus Free Edition 2012
• Ad-Aware

Ich hoffe, ihr habt ein paar Tipps für mich, da ich mich leider nur sehr wenig mit solchen Sachen auskenne,

Gruß,
ratsuchend

Hast du da ncoh irgendwelche Logs über gefundene Schädlinge?

Hey,
hab die letzten Tage viel gearbeitet, daher die Verzögerung.
Ich hab nach etwas Suchen folgendes gefunden- "Trojan Remover Logfile"- das müsste es ja sein, oder?
Freundliche Grüße

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 20:16:33 16 Jun 2012
Using Database v7899
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\
Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Dokumente und Einstellungen\***\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programme\Trojan Remover\
Running with Administrator privileges

************************************************************
20:16:33: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
20:16:33: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
20:16:35: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036800 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Programme\DellTPad\Apoint.exe
C:\Programme\DellTPad\Apoint.exe
159744 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:24
Company: Alps Electric Co., Ltd.
--------------------
Value Name: DELL Webcam Manager
Value Data: "C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe" /s
C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
118784 bytes
Created: 22.10.2008 02:31
Modified: 27.07.2007 17:43
Company: Creative Technology Ltd.
--------------------
Value Name: dellsupportcenter
Value Data: "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
C:\Programme\Dell Support Center\bin\sprtcmd.exe
206064 bytes
Created: 21.05.2009 11:13
Modified: 21.05.2009 11:13
Company: SupportSoft, Inc.
--------------------
Value Name: AVG_TRAY
Value Data: "C:\Programme\AVG\AVG2012\avgtray.exe"
C:\Programme\AVG\AVG2012\avgtray.exe
2587008 bytes
Created: 05.04.2012 05:12
Modified: 05.04.2012 05:12
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: vProt
Value Data: "C:\Programme\AVG Secure Search\vprot.exe"
C:\Programme\AVG Secure Search\vprot.exe
1104440 bytes
Created: 06.06.2012 21:43
Modified: 13.06.2012 16:59
Company:
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
37296 bytes
Created: 27.03.2012 14:41
Modified: 27.03.2012 14:41
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
-R- 843712 bytes
Created: 02.01.2012 11:07
Modified: 02.01.2012 11:07
Company: Adobe Systems Incorporated
--------------------
Value Name: ROC_roc_dec12
Value Data: "C:\Programme\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
C:\Programme\AVG Secure Search\ROC_roc_dec12.exe - [file not found to scan]
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
254696 bytes
Created: 18.01.2012 14:02
Modified: 18.01.2012 14:02
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot
C:\Programme\Trojan Remover\Trjscan.exe
1238800 bytes
Created: 05.06.2012 10:00
Modified: 23.01.2012 14:12
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
Value Name: ISUSPM
Value Data: "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
205480 bytes
Created: 30.08.2007 11:50
Modified: 30.08.2007 11:50
Company: Macrovision Corporation
--------------------
Value Name: MSMSGS
Value Data: "C:\Programme\Messenger\msmsgs.exe" /background
C:\Programme\Messenger\msmsgs.exe
1695232 bytes
Created: 25.04.2008 16:57
Modified: 14.04.2008 21:52
Company: Microsoft Corporation
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
20:16:43: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
20:16:43: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
20:16:45: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssstars.scr
C:\WINDOWS\system32\ssstars.scr
14848 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------

************************************************************
20:16:46: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
20:16:47: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
20:16:49: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AdobeFlashPlayerUpdateSvc
ImagePath: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
257224 bytes
Created: 01.04.2012 11:50
Modified: 16.06.2012 14:25
Company: Adobe Systems Incorporated
----------
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
21393 bytes
Created: 22.10.2008 02:29
Modified: 22.10.2008 02:29
Company: Cisco Systems, Inc.
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14.04.2008 02:10
Modified: 14.04.2008 14:10
Company: Microsoft Corporation
----------
Key: AVGIDSAgent
ImagePath: C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
5106744 bytes
Created: 30.04.2012 09:44
Modified: 30.04.2012 09:44
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSDriver
ImagePath: system32\DRIVERS\avgidsdriverx.sys
C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
139856 bytes
Created: 23.12.2011 13:32
Modified: 23.12.2011 13:32
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSFilter
ImagePath: system32\DRIVERS\avgidsfilterx.sys
C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
24144 bytes
Created: 23.12.2011 13:32
Modified: 23.12.2011 13:32
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSHX
ImagePath: system32\DRIVERS\avgidshx.sys
C:\WINDOWS\system32\DRIVERS\avgidshx.sys
24896 bytes
Created: 19.04.2012 04:50
Modified: 19.04.2012 04:50
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSShim
ImagePath: system32\DRIVERS\avgidsshimx.sys
C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
17232 bytes
Created: 23.12.2011 13:32
Modified: 23.12.2011 13:32
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgldx86
ImagePath: system32\DRIVERS\avgldx86.sys
C:\WINDOWS\system32\DRIVERS\avgldx86.sys
235216 bytes
Created: 07.10.2011 07:23
Modified: 22.02.2012 05:25
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgmfx86
ImagePath: system32\DRIVERS\avgmfx86.sys
C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
41040 bytes
Created: 08.08.2011 07:08
Modified: 23.12.2011 13:32
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgrkx86
ImagePath: system32\DRIVERS\avgrkx86.sys
C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
31952 bytes
Created: 13.09.2011 07:30
Modified: 31.01.2012 04:46
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgtdix
ImagePath: system32\DRIVERS\avgtdix.sys
C:\WINDOWS\system32\DRIVERS\avgtdix.sys
301248 bytes
Created: 11.07.2011 02:14
Modified: 19.03.2012 05:17
Company: AVG Technologies CZ, s.r.o.
----------
Key: avgwd
ImagePath: C:\Programme\AVG\AVG2012\avgwdsvc.exe
C:\Programme\AVG\AVG2012\avgwdsvc.exe
193288 bytes
Created: 14.02.2012 04:53
Modified: 14.02.2012 04:53
Company: AVG Technologies CZ, s.r.o.
----------
Key: CVirtA
ImagePath: system32\DRIVERS\CVirtA.sys
C:\WINDOWS\system32\DRIVERS\CVirtA.sys
5275 bytes
Created: 18.01.2007 17:28
Modified: 18.01.2007 17:28
Company: Cisco Systems, Inc.
----------
Key: DLABMFSM
ImagePath: System32\Drivers\DLABMFSM.SYS
C:\WINDOWS\System32\Drivers\DLABMFSM.SYS
37360 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLABOIOM
ImagePath: System32\Drivers\DLABOIOM.SYS
C:\WINDOWS\System32\Drivers\DLABOIOM.SYS
32848 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLADResM
ImagePath: System32\Drivers\DLADResM.SYS
C:\WINDOWS\System32\Drivers\DLADResM.SYS
9104 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:05
Company: Roxio
----------
Key: DLAIFS_M
ImagePath: System32\Drivers\DLAIFS_M.SYS
C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS
108752 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAOPIOM
ImagePath: System32\Drivers\DLAOPIOM.SYS
C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS
27216 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAPoolM
ImagePath: System32\Drivers\DLAPoolM.SYS
C:\WINDOWS\System32\Drivers\DLAPoolM.SYS
16304 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLARTL_M
ImagePath: System32\Drivers\DLARTL_M.SYS
C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
30064 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 15:49
Company: Roxio
----------
Key: DLAUDFAM
ImagePath: System32\Drivers\DLAUDFAM.SYS
C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS
93552 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAUDF_M
ImagePath: System32\Drivers\DLAUDF_M.SYS
C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS
98448 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DRVNDDM
ImagePath: System32\Drivers\DRVNDDM.SYS
C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
52000 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 15:43
Company: Roxio
----------
Key: EvtEng
ImagePath: C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
647168 bytes
Created: 25.07.2007 17:41
Modified: 25.07.2007 17:41
Company: Intel Corporation
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5776928 bytes
Created: 22.10.2008 11:14
Modified: 22.02.2008 02:06
Company: Intel Corporation
----------
Key: iaStor
ImagePath: system32\drivers\iaStor.sys
C:\WINDOWS\system32\drivers\iaStor.sys
305176 bytes
Created: 22.10.2008 11:14
Modified: 17.03.2008 23:59
Company: Intel Corporation
----------
Key: Lavasoft Ad-Aware Service
ImagePath: C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
2152720 bytes
Created: 28.10.2011 20:35
Modified: 07.06.2012 13:30
Company: Lavasoft Limited
----------
Key: Lavasoft Kernexplorer
ImagePath: \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
15232 bytes
Created: 28.10.2011 20:35
Modified: 28.10.2011 20:35
Company: [no info]
----------
Key: MozillaMaintenance
ImagePath: C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
129976 bytes
Created: 04.05.2012 23:23
Modified: 04.05.2012 23:23
Company: Mozilla Foundation
----------
Key: NETw4x32
ImagePath: system32\DRIVERS\NETw4x32.sys
C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2211456 bytes
Created: 22.10.2008 11:13
Modified: 13.08.2007 03:05
Company: Intel Corporation
----------
Key: NETw5x32
ImagePath: system32\DRIVERS\NETw5x32.sys
C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
4221952 bytes
Created: 17.12.2009 21:12
Modified: 26.10.2009 06:47
Company: Intel Corporation
----------
Key: npggsvc
ImagePath: C:\WINDOWS\system32\GameMon.des -service
C:\WINDOWS\system32\GameMon.des
2784285 bytes
Created: 30.04.2009 22:36
Modified: 06.04.2009 05:07
Company: INCA Internet Co., Ltd.
----------
Key: O2FLASH
ImagePath: %SystemRoot%\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
71512 bytes
Created: 22.10.2008 11:13
Modified: 27.08.2008 02:39
Company: O2Micro International
----------
Key: O2MDRDR
ImagePath: system32\DRIVERS\o2media.sys
C:\WINDOWS\system32\DRIVERS\o2media.sys
51288 bytes
Created: 22.10.2008 11:13
Modified: 27.08.2008 02:39
Company: O2Micro
----------
Key: O2SDRDR
ImagePath: system32\DRIVERS\o2sd.sys
C:\WINDOWS\system32\DRIVERS\o2sd.sys
43608 bytes
Created: 22.10.2008 11:13
Modified: 27.08.2008 02:39
Company: O2Micro
----------
Key: OEM13Afx
ImagePath: \??\C:\WINDOWS\system32\Drivers\OEM13Afx.sys
C:\WINDOWS\system32\Drivers\OEM13Afx.sys
141376 bytes
Created: 22.10.2008 11:14
Modified: 16.07.2008 23:32
Company: Creative Technology Ltd.
----------
Key: OEM13Vfx
ImagePath: system32\DRIVERS\OEM13Vfx.sys
C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
7424 bytes
Created: 22.10.2008 11:14
Modified: 16.07.2008 23:32
Company: EyePower Games Pte. Ltd.
----------
Key: OEM13Vid
ImagePath: system32\DRIVERS\OEM13Vid.sys
C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
235840 bytes
Created: 22.10.2008 11:14
Modified: 16.07.2008 23:32
Company: Creative Technology Ltd.
----------
Key: ose
ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
149352 bytes
Created: 09.01.2010 22:18
Modified: 09.01.2010 22:18
Company: Microsoft Corporation
----------
Key: osppsvc
ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4640000 bytes
Created: 09.01.2010 22:37
Modified: 09.01.2010 22:37
Company: Microsoft Corporation
----------
Key: RegSrvc
ImagePath: C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
327680 bytes
Created: 25.07.2007 17:22
Modified: 25.07.2007 17:22
Company: Intel Corporation
----------
Key: S24EventMonitor
ImagePath: C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
987136 bytes
Created: 25.07.2007 17:29
Modified: 25.07.2007 17:29
Company: Intel Corporation
----------
Key: sprtsvc_dellsupportcenter
ImagePath: C:\Programme\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
C:\Programme\Dell Support Center\bin\sprtsvc.exe
201968 bytes
Created: 14.08.2008 01:04
Modified: 14.08.2008 01:04
Company: SupportSoft, Inc.
----------
Key: stllssvr
ImagePath: "C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe"
C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
-R- 69632 bytes
Created: 11.07.2007 09:33
Modified: 11.07.2007 09:33
Company: MicroVision Development, Inc.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{CD5BB325-1698-4C3A-8782-0923E72A4E6B}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
Key: tosporte
ImagePath: system32\DRIVERS\tosporte.sys
C:\WINDOWS\system32\DRIVERS\tosporte.sys
41600 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation
----------
Key: tosrfbd
ImagePath: system32\DRIVERS\tosrfbd.sys
C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
113920 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA CORPORATION
----------
Key: tosrfbnp
ImagePath: System32\Drivers\tosrfbnp.sys
C:\WINDOWS\System32\Drivers\tosrfbnp.sys
36480 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation
----------
Key: Tosrfcom
ImagePath: System32\Drivers\tosrfcom.sys
C:\WINDOWS\System32\Drivers\tosrfcom.sys
64896 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation
----------
Key: Tosrfhid
ImagePath: system32\DRIVERS\Tosrfhid.sys
C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
73600 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation.
----------
Key: tosrfnds
ImagePath: system32\DRIVERS\tosrfnds.sys
C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
18612 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation.
----------
Key: Tosrfusb
ImagePath: system32\DRIVERS\tosrfusb.sys
C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
41856 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA CORPORATION
----------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\WINDOWS\System32\Drivers\usbvideo.sys
121984 bytes
Created: 22.10.2008 15:18
Modified: 14.04.2008 14:16
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Programme\Windows Live\Messenger\usnsvc.exe"
C:\Programme\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18.10.2007 12:31
Modified: 18.10.2007 12:31
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: \??\C:\WINDOWS\system32\vsdatant.sys
C:\WINDOWS\system32\vsdatant.sys - [file not found to scan]
----------
Key: vToolbarUpdater11.1.0
ImagePath: C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
935480 bytes
Created: 13.06.2012 16:59
Modified: 13.06.2012 16:59
Company:
----------
Key: WLANKEEPER
ImagePath: C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
294912 bytes
Created: 25.07.2007 17:32
Modified: 25.07.2007 17:32
Company: Intel(R) Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Programme\Windows Live\installer\WLSetupSvc.exe"
C:\Programme\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25.10.2007 16:27
Modified: 25.10.2007 16:27
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
18944 bytes
Created: 28.01.2005 14:44
Modified: 28.01.2005 02:36
Company: Microsoft Corporation
----------

************************************************************
20:17:32: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
20:17:32: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
20:17:32: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Programme\AVG\AVG2012\avgse.dll
C:\Programme\AVG\AVG2012\avgse.dll
158560 bytes
Created: 14.02.2012 04:53
Modified: 14.02.2012 04:53
Company: AVG Technologies CZ, s.r.o.
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll
493344 bytes
Created: 28.10.2011 20:35
Modified: 07.06.2012 13:30
Company: Lavasoft Limited
----------
Key: Notepad++
CLSID: {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593}
File: [CLSID does not appear to reference a file]
----------

************************************************************
20:17:34: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
420864 bytes
Created: 17.01.2011 17:19
Modified: 17.01.2011 17:19
Company: OpenOffice.org
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
378264 bytes
Created: 26.03.2012 17:52
Modified: 26.03.2012 17:52
Company: Adobe Systems, Inc.
----------

************************************************************
20:17:34: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
BHO: C:\Programme\AVG\AVG2012\avgdtiex.dll
C:\Programme\AVG\AVG2012\avgdtiex.dll
936528 bytes
Created: 20.04.2012 19:56
Modified: 20.04.2012 19:56
Company: AVG Technologies CZ, s.r.o.
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Programme\AVG\AVG2012\avgssie.dll
C:\Programme\AVG\AVG2012\avgssie.dll
1390672 bytes
Created: 13.04.2012 17:40
Modified: 13.04.2012 17:40
Company: AVG Technologies CZ, s.r.o.
----------
Key: {95B7759C-8C7F-4BF1-B163-73684A933233}
BHO: C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
2068536 bytes
Created: 13.06.2012 16:59
Modified: 13.06.2012 16:59
Company:
----------
Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO: C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
3834016 bytes
Created: 10.10.2011 12:09
Modified: 10.10.2011 12:09
Company: Skype Technologies S.A.
----------
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
561552 bytes
Created: 21.12.2010 02:05
Modified: 21.12.2010 02:05
Company: Microsoft Corporation
----------

************************************************************
20:17:36: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
20:17:36: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
20:17:37: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
20:17:37: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
20:17:38: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
20:17:38: Scanning ------ COMMON STARTUP GROUP ------
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
The Common Startup Group attempts to load the following file(s) at boot time:
Bluetooth Manager.lnk - links to C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe
2150400 bytes
Created: 11.01.2007 21:43
Modified: 11.01.2007 21:43
Company: TOSHIBA CORPORATION.
--------------------
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-HS- 84 bytes
Created: 25.04.2008 03:52
Modified: 25.04.2008 17:00
Company: [no info]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
20:17:38: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
1744312 bytes
Created: 28.10.2011 20:35
Modified: 07.06.2012 13:30
Company: Lavasoft Limited
Parameters: update all silent repair
Schedule: Um 13:18 wöchentlich jeden Mo, Do, ab dem 12.03.2012
Next Run Time: 18.06.2012 13:18:00
Status: Has not run
Creator: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Adobe Flash Player Updater
File: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
257224 bytes
Created: 01.04.2012 11:50
Modified: 16.06.2012 14:25
Company: Adobe Systems Incorporated
Schedule: Alle 1 Stunde(n) ab 00:26. Dauer: 24 Stunde(n) täglich, ab dem 01.01.2000
Next Run Time: 16.06.2012 20:26:00
Status: Ready
Creator: Adobe Systems Incorporated
Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------

************************************************************
20:17:40: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
20:17:40: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.voxacm160
File: vct3216.acm
C:\WINDOWS\system32\vct3216.acm
82944 bytes
Created: 26.10.2008 17:32
Modified: 22.05.2003 01:50
Company: Voxware, Inc.
----------
Value: msacm.alf2cd
File: alf2cd.acm
C:\WINDOWS\system32\alf2cd.acm
38912 bytes
Created: 26.10.2008 17:32
Modified: 22.05.2003 01:50
Company: NCT Company
----------
Value: msacm.ac3acm
File: AC3ACM.acm
C:\WINDOWS\system32\AC3ACM.acm
81920 bytes
Created: 26.10.2008 17:32
Modified: 04.02.2004 23:11
Company: fccHandler
----------
Value: vidc.dvsd
File: mcdvd_32.dll
C:\WINDOWS\system32\mcdvd_32.dll
261632 bytes
Created: 26.10.2008 17:32
Modified: 27.09.2007 16:22
Company: MainConcept
----------
Value: vidc.VP60
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll
-R- 442368 bytes
Created: 14.12.2010 21:30
Modified: 26.02.2005 07:34
Company: On2.com
----------
Value: vidc.VP61
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll - file already scanned
----------

************************************************************
20:17:44: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper entry is blank
----------
Web Desktop Wallpaper entry is blank
----------
DNS Server information:
Interface:
NameServers: 192.168.1.10 192.168.1.130
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
20:17:46: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
513024 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 25.04.2008 11:45
Modified: 09.02.2009 13:21
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\spoolsv.exe
58880 bytes
Created: 25.04.2008 11:45
Modified: 17.08.2010 15:17
Company: Microsoft Corporation
--------------------
C:\Programme\Java\jre6\bin\jqs.exe
153376 bytes
Created: 04.06.2012 09:07
Modified: 04.06.2012 09:07
Company: Sun Microsystems, Inc.
--------------------
C:\Programme\Dell Support Center\bin\sprtsvc.exe
201968 bytes
Created: 14.08.2008 01:04
Modified: 14.08.2008 01:04
Company: SupportSoft, Inc.
--------------------
C:\Programme\AVG\AVG2012\avgnsx.exe
1254992 bytes
Created: 19.04.2012 04:51
Modified: 19.04.2012 04:51
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Programme\AVG\AVG2012\avgemcx.exe
979840 bytes
Created: 19.03.2012 05:18
Modified: 19.03.2012 05:18
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\wdfmgr.exe
38912 bytes
Created: 28.01.2005 14:44
Modified: 28.01.2005 02:36
Company: Microsoft Corporation
--------------------
C:\Programme\AVG\AVG2012\avgrsx.exe
758112 bytes
Created: 14.02.2012 04:53
Modified: 14.02.2012 04:53
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Programme\AVG\AVG2012\avgcsrvx.exe
338784 bytes
Created: 14.02.2012 04:52
Modified: 14.02.2012 04:52
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Programme\DellTPad\ApMsgFwd.exe
50736 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:24
Company: Alps Electric Co., Ltd.
--------------------
C:\Programme\DellTPad\HidFind.exe
40960 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:25
Company: Alps Electric Co., Ltd.
--------------------
C:\Programme\DellTPad\Apntex.exe
49152 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:24
Company: Alps Electric Co., Ltd.
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe
16896 bytes
Created: 25.04.2008 16:57
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 25.04.2008 16:56
Modified: 06.02.2009 12:10
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 25.04.2008 16:56
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
2150400 bytes
Created: 11.01.2007 21:43
Modified: 11.01.2007 21:43
Company: TOSHIBA CORPORATION.
--------------------
C:\Programme\OpenOffice.org 3\program\soffice.exe
11322880 bytes
Created: 17.01.2011 19:50
Modified: 17.01.2011 19:50
Company: OpenOffice.org
--------------------
C:\Programme\OpenOffice.org 3\program\soffice.bin
11314688 bytes
Created: 17.01.2011 19:50
Modified: 17.01.2011 19:50
Company: OpenOffice.org
--------------------
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
1187072 bytes
Created: 28.10.2011 20:35
Modified: 07.06.2012 13:30
Company: Lavasoft Limited
--------------------
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
278528 bytes
Created: 18.12.2006 16:22
Modified: 18.12.2006 16:22
Company: TOSHIBA CORPORATION.
--------------------
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
69632 bytes
Created: 24.01.2006 00:14
Modified: 24.01.2006 00:14
Company: TOSHIBA CORPORATION.
--------------------
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
270336 bytes
Created: 27.10.2006 21:13
Modified: 27.10.2006 21:13
Company: TOSHIBA CORPORATION.
--------------------
C:\Programme\Mozilla Firefox\firefox.exe
924600 bytes
Created: 07.01.2012 13:17
Modified: 04.05.2012 23:23
Company: Mozilla Corporation
--------------------
C:\Programme\Mozilla Firefox\plugin-container.exe
16824 bytes
Created: 07.01.2012 13:17
Modified: 04.05.2012 23:23
Company: Mozilla Corporation
--------------------
C:\Programme\AVG\AVG2012\avgui.exe
4361296 bytes
Created: 13.04.2012 17:40
Modified: 13.04.2012 17:40
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\due82.exe
FileSize: 4746488
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
20:17:57: Checking HOSTS file
No HOSTS file found to check

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
Dell Offizielle Seite | Dell Deutschland
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
Dell Offizielle Seite | Dell Deutschland
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
Dell-Suchseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
Personalisierte Startseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Dell-Suchseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
Personalisierte Startseite

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 20:17:57 16 Jun 2012
Total Scan time: 00:01:23
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
05.06.2012 10:24:33: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DLACDBHM.SYS - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DLACDBHM.SYS - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\DLACDBHM\[ImagePath] - already deleted
=======================================================
05.06.2012 10:24:33: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 10:01:33 05 Jun 2012
Using Database v7899
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\
Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Dokumente und Einstellungen\***\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programme\Trojan Remover\
Running with Administrator privileges

************************************************************
10:01:33: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
StartMenuInternet\IEXPLORE.EXE entry: ["C:\Programme\Internet Explorer\iexplore.exe"]
This entry loads the following file:
C:\Programme\Internet Explorer\iexplore.exe
638816 bytes
Created: 25.04.2008 16:58
Modified: 08.03.2009 15:09
Company: Microsoft Corporation
C:\Programme\Internet Explorer\iexplore.exe - process is either not running or could not be terminated
C:\Programme\Internet Explorer\iexplore.exe - file renamed to: C:\Programme\Internet Explorer\iexplore.exe.vir
The SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command registry entry has been reset to its default

************************************************************
10:02:09: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
10:02:10: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036800 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Programme\DellTPad\Apoint.exe
C:\Programme\DellTPad\Apoint.exe
159744 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:24
Company: Alps Electric Co., Ltd.
--------------------
Value Name: DELL Webcam Manager
Value Data: "C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe" /s
C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
118784 bytes
Created: 22.10.2008 02:31
Modified: 27.07.2007 17:43
Company: Creative Technology Ltd.
--------------------
Value Name: dellsupportcenter
Value Data: "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
C:\Programme\Dell Support Center\bin\sprtcmd.exe
206064 bytes
Created: 21.05.2009 11:13
Modified: 21.05.2009 11:13
Company: SupportSoft, Inc.
--------------------
Value Name: AVG_TRAY
Value Data: "C:\Programme\AVG\AVG2012\avgtray.exe"
C:\Programme\AVG\AVG2012\avgtray.exe
2416480 bytes
Created: 24.01.2012 18:24
Modified: 24.01.2012 18:24
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: vProt
Value Data: "C:\Programme\AVG Secure Search\vprot.exe"
C:\Programme\AVG Secure Search\vprot.exe
982880 bytes
Created: 07.01.2012 15:51
Modified: 31.03.2012 18:17
Company:
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
37296 bytes
Created: 27.03.2012 14:41
Modified: 27.03.2012 14:41
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
-R- 843712 bytes
Created: 02.01.2012 11:07
Modified: 02.01.2012 11:07
Company: Adobe Systems Incorporated
--------------------
Value Name: ROC_roc_dec12
Value Data: "C:\Programme\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
C:\Programme\AVG Secure Search\ROC_roc_dec12.exe
928096 bytes
Created: 19.01.2012 17:27
Modified: 19.01.2012 17:27
Company:
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
254696 bytes
Created: 18.01.2012 14:02
Modified: 18.01.2012 14:02
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot
C:\Programme\Trojan Remover\Trjscan.exe
1238800 bytes
Created: 05.06.2012 10:00
Modified: 23.01.2012 14:12
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------
Value Name: ISUSPM
Value Data: "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
205480 bytes
Created: 30.08.2007 11:50
Modified: 30.08.2007 11:50
Company: Macrovision Corporation
--------------------
Value Name: MSMSGS
Value Data: "C:\Programme\Messenger\msmsgs.exe" /background
C:\Programme\Messenger\msmsgs.exe
1695232 bytes
Created: 25.04.2008 16:57
Modified: 14.04.2008 21:52
Company: Microsoft Corporation
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
10:02:16: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
10:02:16: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
10:02:17: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssstars.scr
C:\WINDOWS\system32\ssstars.scr
14848 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
--------------------

************************************************************
10:02:17: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
10:02:18: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
10:02:20: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AdobeFlashPlayerUpdateSvc
ImagePath: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
257696 bytes
Created: 01.04.2012 11:50
Modified: 05.05.2012 11:35
Company: Adobe Systems Incorporated
----------
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
21393 bytes
Created: 22.10.2008 02:29
Modified: 22.10.2008 02:29
Company: Cisco Systems, Inc.
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14.04.2008 02:10
Modified: 14.04.2008 14:10
Company: Microsoft Corporation
----------
Key: AVGIDSAgent
ImagePath: C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
4433248 bytes
Created: 12.10.2011 07:25
Modified: 12.10.2011 07:25
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSDriver
ImagePath: system32\DRIVERS\AVGIDSDriver.Sys
C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
134608 bytes
Created: 11.07.2011 02:14
Modified: 11.07.2011 02:14
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSEH
ImagePath: system32\DRIVERS\AVGIDSEH.Sys
C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
23120 bytes
Created: 11.07.2011 02:14
Modified: 11.07.2011 02:14
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSFilter
ImagePath: system32\DRIVERS\AVGIDSFilter.Sys
C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
24272 bytes
Created: 11.07.2011 02:14
Modified: 11.07.2011 02:14
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSShim
ImagePath: system32\DRIVERS\AVGIDSShim.Sys
C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
16720 bytes
Created: 04.10.2011 07:21
Modified: 04.10.2011 07:21
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgldx86
ImagePath: system32\DRIVERS\avgldx86.sys
C:\WINDOWS\system32\DRIVERS\avgldx86.sys
230608 bytes
Created: 07.10.2011 07:23
Modified: 07.10.2011 07:23
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgmfx86
ImagePath: system32\DRIVERS\avgmfx86.sys
C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
40016 bytes
Created: 08.08.2011 07:08
Modified: 08.08.2011 07:08
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgrkx86
ImagePath: system32\DRIVERS\avgrkx86.sys
C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
32592 bytes
Created: 13.09.2011 07:30
Modified: 13.09.2011 07:30
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgtdix
ImagePath: system32\DRIVERS\avgtdix.sys
C:\WINDOWS\system32\DRIVERS\avgtdix.sys
295248 bytes
Created: 11.07.2011 02:14
Modified: 11.07.2011 02:14
Company: AVG Technologies CZ, s.r.o.
----------
Key: avgwd
ImagePath: C:\Programme\AVG\AVG2012\avgwdsvc.exe
C:\Programme\AVG\AVG2012\avgwdsvc.exe
192776 bytes
Created: 02.08.2011 07:09
Modified: 02.08.2011 07:09
Company: AVG Technologies CZ, s.r.o.
----------
Key: CVirtA
ImagePath: system32\DRIVERS\CVirtA.sys
C:\WINDOWS\system32\DRIVERS\CVirtA.sys
5275 bytes
Created: 18.01.2007 17:28
Modified: 18.01.2007 17:28
Company: Cisco Systems, Inc.
----------
Key: DLABMFSM
ImagePath: System32\Drivers\DLABMFSM.SYS
C:\WINDOWS\System32\Drivers\DLABMFSM.SYS
37360 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLABOIOM
ImagePath: System32\Drivers\DLABOIOM.SYS
C:\WINDOWS\System32\Drivers\DLABOIOM.SYS
32848 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLACDBHM
ImagePath: System32\Drivers\DLACDBHM.SYS
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
14576 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 15:49
Company: Roxio
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS appears to contain: TROJAN.TDSS
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS - this registry value has been removed
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS - file renamed to: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS.vir
----------
Key: DLADResM
ImagePath: System32\Drivers\DLADResM.SYS
C:\WINDOWS\System32\Drivers\DLADResM.SYS
9104 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:05
Company: Roxio
----------
Key: DLAIFS_M
ImagePath: System32\Drivers\DLAIFS_M.SYS
C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS
108752 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAOPIOM
ImagePath: System32\Drivers\DLAOPIOM.SYS
C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS
27216 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAPoolM
ImagePath: System32\Drivers\DLAPoolM.SYS
C:\WINDOWS\System32\Drivers\DLAPoolM.SYS
16304 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLARTL_M
ImagePath: System32\Drivers\DLARTL_M.SYS
C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
30064 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 15:49
Company: Roxio
----------
Key: DLAUDFAM
ImagePath: System32\Drivers\DLAUDFAM.SYS
C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS
93552 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAUDF_M
ImagePath: System32\Drivers\DLAUDF_M.SYS
C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS
98448 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DRVNDDM
ImagePath: System32\Drivers\DRVNDDM.SYS
C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
52000 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 15:43
Company: Roxio
----------
Key: EvtEng
ImagePath: C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
647168 bytes
Created: 25.07.2007 17:41
Modified: 25.07.2007 17:41
Company: Intel Corporation
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5776928 bytes
Created: 22.10.2008 11:14
Modified: 22.02.2008 02:06
Company: Intel Corporation
----------
Key: iaStor
ImagePath: system32\drivers\iaStor.sys
C:\WINDOWS\system32\drivers\iaStor.sys
305176 bytes
Created: 22.10.2008 11:14
Modified: 17.03.2008 23:59
Company: Intel Corporation
----------
Key: Lavasoft Ad-Aware Service
ImagePath: C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
2152688 bytes
Created: 28.10.2011 20:35
Modified: 14.05.2012 18:12
Company: Lavasoft Limited
----------
Key: Lavasoft Kernexplorer
ImagePath: \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
15232 bytes
Created: 28.10.2011 20:35
Modified: 28.10.2011 20:35
Company: [no info]
----------
Key: MozillaMaintenance
ImagePath: C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
129976 bytes
Created: 04.05.2012 23:23
Modified: 04.05.2012 23:23
Company: Mozilla Foundation
----------
Key: NETw4x32
ImagePath: system32\DRIVERS\NETw4x32.sys
C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2211456 bytes
Created: 22.10.2008 11:13
Modified: 13.08.2007 03:05
Company: Intel Corporation
----------
Key: NETw5x32
ImagePath: system32\DRIVERS\NETw5x32.sys
C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
4221952 bytes
Created: 17.12.2009 21:12
Modified: 26.10.2009 06:47
Company: Intel Corporation
----------
Key: npggsvc
ImagePath: C:\WINDOWS\system32\GameMon.des -service
C:\WINDOWS\system32\GameMon.des
2784285 bytes
Created: 30.04.2009 22:36
Modified: 06.04.2009 05:07
Company: INCA Internet Co., Ltd.
----------
Key: O2FLASH
ImagePath: %SystemRoot%\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
71512 bytes
Created: 22.10.2008 11:13
Modified: 27.08.2008 02:39
Company: O2Micro International
----------
Key: O2MDRDR
ImagePath: system32\DRIVERS\o2media.sys
C:\WINDOWS\system32\DRIVERS\o2media.sys
51288 bytes
Created: 22.10.2008 11:13
Modified: 27.08.2008 02:39
Company: O2Micro
----------
Key: O2SDRDR
ImagePath: system32\DRIVERS\o2sd.sys
C:\WINDOWS\system32\DRIVERS\o2sd.sys
43608 bytes
Created: 22.10.2008 11:13
Modified: 27.08.2008 02:39
Company: O2Micro
----------
Key: OEM13Afx
ImagePath: \??\C:\WINDOWS\system32\Drivers\OEM13Afx.sys
C:\WINDOWS\system32\Drivers\OEM13Afx.sys
141376 bytes
Created: 22.10.2008 11:14
Modified: 16.07.2008 23:32
Company: Creative Technology Ltd.
----------
Key: OEM13Vfx
ImagePath: system32\DRIVERS\OEM13Vfx.sys
C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
7424 bytes
Created: 22.10.2008 11:14
Modified: 16.07.2008 23:32
Company: EyePower Games Pte. Ltd.
----------
Key: OEM13Vid
ImagePath: system32\DRIVERS\OEM13Vid.sys
C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
235840 bytes
Created: 22.10.2008 11:14
Modified: 16.07.2008 23:32
Company: Creative Technology Ltd.
----------
Key: ose
ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
149352 bytes
Created: 09.01.2010 22:18
Modified: 09.01.2010 22:18
Company: Microsoft Corporation
----------
Key: osppsvc
ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4640000 bytes
Created: 09.01.2010 22:37
Modified: 09.01.2010 22:37
Company: Microsoft Corporation
----------
Key: RegSrvc
ImagePath: C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
327680 bytes
Created: 25.07.2007 17:22
Modified: 25.07.2007 17:22
Company: Intel Corporation
----------
Key: S24EventMonitor
ImagePath: C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
987136 bytes
Created: 25.07.2007 17:29
Modified: 25.07.2007 17:29
Company: Intel Corporation
----------
Key: sprtsvc_dellsupportcenter
ImagePath: C:\Programme\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
C:\Programme\Dell Support Center\bin\sprtsvc.exe
201968 bytes
Created: 14.08.2008 01:04
Modified: 14.08.2008 01:04
Company: SupportSoft, Inc.
----------
Key: stllssvr
ImagePath: "C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe"
C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
-R- 69632 bytes
Created: 11.07.2007 09:33
Modified: 11.07.2007 09:33
Company: MicroVision Development, Inc.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{CD5BB325-1698-4C3A-8782-0923E72A4E6B}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
Key: tosporte
ImagePath: system32\DRIVERS\tosporte.sys
C:\WINDOWS\system32\DRIVERS\tosporte.sys
41600 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation
----------
Key: tosrfbd
ImagePath: system32\DRIVERS\tosrfbd.sys
C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
113920 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA CORPORATION
----------
Key: tosrfbnp
ImagePath: System32\Drivers\tosrfbnp.sys
C:\WINDOWS\System32\Drivers\tosrfbnp.sys
36480 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation
----------
Key: Tosrfcom
ImagePath: System32\Drivers\tosrfcom.sys
C:\WINDOWS\System32\Drivers\tosrfcom.sys
64896 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation
----------
Key: Tosrfhid
ImagePath: system32\DRIVERS\Tosrfhid.sys
C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
73600 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation.
----------
Key: tosrfnds
ImagePath: system32\DRIVERS\tosrfnds.sys
C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
18612 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA Corporation.
----------
Key: Tosrfusb
ImagePath: system32\DRIVERS\tosrfusb.sys
C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
41856 bytes
Created: 22.10.2008 02:29
Modified: 26.04.2007 23:29
Company: TOSHIBA CORPORATION
----------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\WINDOWS\System32\Drivers\usbvideo.sys
121984 bytes
Created: 22.10.2008 15:18
Modified: 14.04.2008 14:16
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Programme\Windows Live\Messenger\usnsvc.exe"
C:\Programme\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18.10.2007 12:31
Modified: 18.10.2007 12:31
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: \??\C:\WINDOWS\system32\vsdatant.sys
C:\WINDOWS\system32\vsdatant.sys - [file not found to scan]
----------
Key: vToolbarUpdater10.2.0
ImagePath: C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
918880 bytes
Created: 31.03.2012 18:17
Modified: 31.03.2012 18:17
Company:
----------
Key: WLANKEEPER
ImagePath: C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
294912 bytes
Created: 25.07.2007 17:32
Modified: 25.07.2007 17:32
Company: Intel(R) Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Programme\Windows Live\installer\WLSetupSvc.exe"
C:\Programme\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25.10.2007 16:27
Modified: 25.10.2007 16:27
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
18944 bytes
Created: 28.01.2005 14:44
Modified: 28.01.2005 02:36
Company: Microsoft Corporation
----------

************************************************************
10:05:50: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
10:05:50: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
10:05:51: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Programme\AVG\AVG2012\avgse.dll
C:\Programme\AVG\AVG2012\avgse.dll
156512 bytes
Created: 02.08.2011 07:08
Modified: 02.08.2011 07:08
Company: AVG Technologies CZ, s.r.o.
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll
493344 bytes
Created: 28.10.2011 20:35
Modified: 14.05.2012 18:12
Company: Lavasoft Limited
----------
Key: Notepad++
CLSID: {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593}
File: [CLSID does not appear to reference a file]
----------

************************************************************
10:05:52: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
420864 bytes
Created: 17.01.2011 17:19
Modified: 17.01.2011 17:19
Company: OpenOffice.org
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
378264 bytes
Created: 26.03.2012 17:52
Modified: 26.03.2012 17:52
Company: Adobe Systems, Inc.
----------

************************************************************
10:05:53: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Programme\AVG\AVG2012\avgssie.dll
C:\Programme\AVG\AVG2012\avgssie.dll
1378144 bytes
Created: 11.11.2011 03:29
Modified: 11.11.2011 03:29
Company: AVG Technologies CZ, s.r.o.
----------
Key: {95B7759C-8C7F-4BF1-B163-73684A933233}
BHO: C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
1869152 bytes
Created: 31.03.2012 18:17
Modified: 31.03.2012 18:17
Company:
----------
Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO: C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
3834016 bytes
Created: 10.10.2011 12:09
Modified: 10.10.2011 12:09
Company: Skype Technologies S.A.
----------
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
561552 bytes
Created: 21.12.2010 02:05
Modified: 21.12.2010 02:05
Company: Microsoft Corporation
----------

************************************************************
10:05:55: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
10:05:55: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
10:05:55: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
10:05:55: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
10:05:55: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
10:05:56: Scanning ------ COMMON STARTUP GROUP ------
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
The Common Startup Group attempts to load the following file(s) at boot time:
Bluetooth Manager.lnk - links to C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe
2150400 bytes
Created: 11.01.2007 21:43
Modified: 11.01.2007 21:43
Company: TOSHIBA CORPORATION.
--------------------
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-HS- 84 bytes
Created: 25.04.2008 03:52
Modified: 25.04.2008 17:00
Company: [no info]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
10:05:57: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
1743288 bytes
Created: 28.10.2011 20:35
Modified: 14.05.2012 18:12
Company: Lavasoft Limited
Parameters: update all silent repair
Schedule: Um 13:18 wöchentlich jeden Mo, Do, ab dem 12.03.2012
Next Run Time: 07.06.2012 13:18:00
Status: Has not run
Creator: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Adobe Flash Player Updater
File: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
257696 bytes
Created: 01.04.2012 11:50
Modified: 05.05.2012 11:35
Company: Adobe Systems Incorporated
Schedule: Alle 1 Stunde(n) ab 01:35. Dauer: 24 Stunde(n) täglich, ab dem 01.01.2000
Next Run Time: 05.06.2012 10:35:00
Status: Ready
Creator: Adobe Systems Incorporated
Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------

************************************************************
10:05:58: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
10:05:58: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.voxacm160
File: vct3216.acm
C:\WINDOWS\system32\vct3216.acm
82944 bytes
Created: 26.10.2008 17:32
Modified: 22.05.2003 01:50
Company: Voxware, Inc.
----------
Value: msacm.alf2cd
File: alf2cd.acm
C:\WINDOWS\system32\alf2cd.acm
38912 bytes
Created: 26.10.2008 17:32
Modified: 22.05.2003 01:50
Company: NCT Company
----------
Value: msacm.ac3acm
File: AC3ACM.acm
C:\WINDOWS\system32\AC3ACM.acm
81920 bytes
Created: 26.10.2008 17:32
Modified: 04.02.2004 23:11
Company: fccHandler
----------
Value: vidc.dvsd
File: mcdvd_32.dll
C:\WINDOWS\system32\mcdvd_32.dll
261632 bytes
Created: 26.10.2008 17:32
Modified: 27.09.2007 16:22
Company: MainConcept
----------
Value: vidc.VP60
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll
-R- 442368 bytes
Created: 14.12.2010 21:30
Modified: 26.02.2005 07:34
Company: On2.com
----------
Value: vidc.VP61
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll - file already scanned
----------

************************************************************
10:06:00: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper entry is blank
----------
Web Desktop Wallpaper entry is blank
----------
DNS Server information:
Interface:
NameServers: 192.168.1.10 192.168.1.130
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
10:06:01: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[1 loaded module]
--------------------
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
743264 bytes
Created: 08.09.2011 21:53
Modified: 08.09.2011 21:53
Company: AVG Technologies CZ, s.r.o.
[8 loaded modules in total]
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
513024 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[69 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 25.04.2008 11:45
Modified: 09.02.2009 13:21
Company: Microsoft Corporation
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[56 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[47 loaded modules in total]
--------------------
[37 loaded modules in total]
[163 loaded modules in total]
[59 loaded modules in total]
[39 loaded modules in total]
[36 loaded modules in total]
[94 loaded modules in total]
C:\WINDOWS\system32\spoolsv.exe
58880 bytes
Created: 25.04.2008 11:45
Modified: 17.08.2010 15:17
Company: Microsoft Corporation
[60 loaded modules in total]
--------------------
[69 loaded modules in total]
C:\Programme\Java\jre6\bin\jqs.exe
153376 bytes
Created: 04.06.2012 09:07
Modified: 04.06.2012 09:07
Company: Sun Microsystems, Inc.
[75 loaded modules in total]
--------------------
[22 loaded modules in total]
C:\Programme\Dell Support Center\bin\sprtsvc.exe
201968 bytes
Created: 14.08.2008 01:04
Modified: 14.08.2008 01:04
Company: SupportSoft, Inc.
[52 loaded modules in total]
--------------------
[39 loaded modules in total]
C:\WINDOWS\system32\wdfmgr.exe
38912 bytes
Created: 28.01.2005 14:44
Modified: 28.01.2005 02:36
Company: Microsoft Corporation
[13 loaded modules in total]
--------------------
[23 loaded modules in total]
[79 loaded modules in total]
C:\Programme\AVG\AVG2012\avgnsx.exe
1229664 bytes
Created: 28.11.2011 02:19
Modified: 28.11.2011 02:19
Company: AVG Technologies CZ, s.r.o.
[30 loaded modules in total]
--------------------
C:\Programme\AVG\AVG2012\avgemcx.exe
973664 bytes
Created: 10.10.2011 07:23
Modified: 10.10.2011 07:23
Company: AVG Technologies CZ, s.r.o.
[22 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe
16896 bytes
Created: 25.04.2008 16:57
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[34 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 25.04.2008 16:56
Modified: 06.02.2009 12:10
Company: Microsoft Corporation
[40 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 25.04.2008 16:56
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[43 loaded modules in total]
--------------------
[112 loaded modules in total]
[29 loaded modules in total]
[55 loaded modules in total]
C:\Programme\DellTPad\ApMsgFwd.exe
50736 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:24
Company: Alps Electric Co., Ltd.
[12 loaded modules in total]
--------------------
C:\Programme\DellTPad\HidFind.exe
40960 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:25
Company: Alps Electric Co., Ltd.
[16 loaded modules in total]
--------------------
C:\Programme\DellTPad\Apntex.exe
49152 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:24
Company: Alps Electric Co., Ltd.
[17 loaded modules in total]
--------------------
[30 loaded modules in total]
[19 loaded modules in total]
[22 loaded modules in total]
[21 loaded modules in total]
[41 loaded modules in total]
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
1191728 bytes
Created: 28.10.2011 20:35
Modified: 14.05.2012 18:12
Company: Lavasoft Limited
[19 loaded modules in total]
--------------------
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
2150400 bytes
Created: 11.01.2007 21:43
Modified: 11.01.2007 21:43
Company: TOSHIBA CORPORATION.
[41 loaded modules in total]
--------------------
C:\Programme\OpenOffice.org 3\program\soffice.exe
11322880 bytes
Created: 17.01.2011 19:50
Modified: 17.01.2011 19:50
Company: OpenOffice.org
[14 loaded modules in total]
--------------------
C:\Programme\OpenOffice.org 3\program\soffice.bin
11314688 bytes
Created: 17.01.2011 19:50
Modified: 17.01.2011 19:50
Company: OpenOffice.org
[79 loaded modules in total]
--------------------
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
278528 bytes
Created: 18.12.2006 16:22
Modified: 18.12.2006 16:22
Company: TOSHIBA CORPORATION.
[21 loaded modules in total]
--------------------
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
69632 bytes
Created: 24.01.2006 00:14
Modified: 24.01.2006 00:14
Company: TOSHIBA CORPORATION.
[10 loaded modules in total]
--------------------
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
270336 bytes
Created: 27.10.2006 21:13
Modified: 27.10.2006 21:13
Company: TOSHIBA CORPORATION.
[27 loaded modules in total]
--------------------
C:\Programme\Outlook Express\msimn.exe
60416 bytes
Created: 25.04.2008 16:58
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
[91 loaded modules in total]
--------------------
C:\Programme\AVG\AVG2012\avgcsrvx.exe
337760 bytes
Created: 15.08.2011 07:21
Modified: 15.08.2011 07:21
Company: AVG Technologies CZ, s.r.o.
[7 loaded modules in total]
--------------------
[7 loaded modules in total]
C:\WINDOWS\system32\wuauclt.exe
53472 bytes
Created: 25.04.2008 16:58
Modified: 06.08.2009 20:24
Company: Microsoft Corporation
[34 loaded modules in total]
--------------------
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\syrE7.exe
FileSize: 4746488
[This is a Trojan Remover component]
[23 loaded modules in total]
--------------------

************************************************************
10:08:08: Checking HOSTS file
No HOSTS file found to check

************************************************************
10:08:08: Scanning ------ %TEMP% DIRECTORY ------
************************************************************
10:08:25: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
10:08:29: Scanning ------ ROOT DIRECTORY ------

************************************************************
10:08:30: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
Dell Offizielle Seite | Dell Deutschland
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
Dell Offizielle Seite | Dell Deutschland
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
Dell-Suchseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
Personalisierte Startseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Dell-Suchseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
Personalisierte Startseite

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 10:08:30 05 Jun 2012
Total Scan time: 00:06:57
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
05.06.2012 10:08:38: restart commenced
************************************************************

Bitte erstmal routinemäßig einen neuen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Ok danke erstmal für die schnelle Antwort und ausführliche Beschreibung der Schritte, die ich noch machen muss.
Hier der Log vom Malwarebyte:

Und hier der Eset Online Scan Logbericht:

Freundliche Grüße

Alle Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Bin mir nicht sicher, ob ich das richtig verstehe.

Also ich hab bei Malwarebytes in der Quarantäne 2 mal "Trojan.Banker" und 3 mal "Stolen.Data". Ich dachte, in der Quarantäne soll ich erstmal nichts löschen oder doch?

Von aus der Quarantäne also endültig löschen war auch garnicht die Rede!
Es geht darum, dass man in deinem Malwarebytes Logfile sieht, dass manche Einträge in die Quarantäne verschoben worden und manche nicht!

ok, mein PC ist zur Zeit super langsam (ja einer der Gründe, warum ich hier schreibe) und daher musst ich Malwarebites über 6 Stunden laufen lassen.
Hier der Log, jetzt ist wohl alles Gefundene in Quarantäne. Ich hatte anscheinend letztes mal einige Häkchen vergessen.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

hier ist OTL.txt. Brauchst du auch noch Extras.Txt? (ist auch erschienen)

Ja die Extras.txt wäre auch gut

ok hier noch das extras.txt (zum otl.txt)

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Report vom TDSS-Killer: