Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   CPU utilization permanently too high (https://www.trojaner-board.de/130874-cpu-auslastung-permanent-hoch.html)

Hundert30 09.02.2013 21:41

CPU utilization permanently too high

Hello dear board,

I have the following problem: for some time now I can't watch videos etc. on the Internet any more, because they just keep stuttering!

When I start the Task Manager I see that my CPU utilization permanently goes up to nearly 100%... but I don't have any other programs or anything similar running in the background, only the Internet.

I already did some reading beforehand, and it could well be that I have picked up a Trojan or something similar.
Avira finds nothing in a scan, and Avast (which I had before) didn't detect anything either.
I hope you can help me!

The most important details (if anything is missing, just let me know):
-Win7
-Firefox as browser
-Avira as antivirus program

cosinus 11.02.2013 12:33

Hello and :hallo:


Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read my instructions, which I will post over the course of this thread, carefully. Ask right away if anything is unclear to you before you start carrying out my instructions.

  • If you run into problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags please) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you don't hear from me for three days, please report it in this thread => Reminder for my thread.
Annoying "when will it continue" messages will end with your topic being closed. I too have a life away from the Trojaner-Board.


First a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan all users
  • At the top you will find a box labeled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

Hundert30 11.02.2013 21:36

otl-scan:
Code:

OTL Extras logfile created on: 11.02.2013 21:15:15 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Georg\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,21% Memory free
4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 78,43 Gb Free Space | 41,30% Space Free | Partition Type: NTFS
Drive D: | 327,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-65504206-4180296385-2226514737-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D7C1E-A5A1-40C8-AAA2-F68F459DF39F}" = lport=57207 | protocol=17 | dir=in | name=pando media booster |
"{0D9B67B4-A905-432D-9A87-4440488B5466}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2734ED66-6468-461D-B35A-A4654FD48A44}" = lport=57207 | protocol=6 | dir=in | name=pando media booster |
"{349CD5D6-EC51-4532-B6B1-22CFE27FE984}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3665AA15-41D7-4BC1-A4CF-8A3C87DC5AB8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F939087-ADE6-45C4-8EE5-8297EBBB7DDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45735374-2A5E-4023-B3D0-A99B2A3DF129}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6B6801ED-4120-4723-BD97-DFF02DD6D0C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{75CE0198-6CD8-42E8-8DB1-791DCD7C9F30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F935322-EEFE-464E-B6F1-88B2E088146C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92749F3C-6E68-478B-9954-5D2B800D73D2}" = lport=57207 | protocol=6 | dir=in | name=pando media booster |
"{AB8BF256-BFF6-4A19-B54D-EC2119EACECC}" = lport=57207 | protocol=17 | dir=in | name=pando media booster |
"{EB23F873-DBAF-4258-B373-EA76CFB1F1BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC153BF0-D2AA-4C3D-9F53-4F727156E701}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F8923-EF9B-4C37-B260-9E0FE61B3173}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1BAA401D-8298-4575-AEF0-B843C8576F2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2942D4B9-197A-457A-9A47-7A8C247D4801}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A7BFB2C-7E01-4D2E-9EFD-54EED3E25704}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2C0B3E7B-9B77-4094-AB77-C9AEB5620075}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BDABA81-518B-4FCF-A8AC-39E765BB5F25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F59C567-8E28-4AD7-8B78-9DAABB1C12ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{763EBB1F-4932-4C68-9D33-E9D3D74D7252}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDE31CA-9B2B-443F-8C59-A74559AB778C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7FF5188C-3244-4E64-BA78-598AE3A1DCBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{84428B10-E4E0-47CD-BF57-5FF2ADC3423D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A703BED1-E980-484F-82F9-ACB22C951E50}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A9C77FBC-A28E-4A69-ACEB-5B402394E002}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE413816-1BE0-40CF-B406-67D68169AC6F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C586AFEC-7C17-4178-9156-25ED1F38EB09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C90E3FCD-E625-4C31-8AD4-13EA3E9445AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE4E4DDF-151B-4C94-B953-78272CC37C09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7F4AA29-00CD-49CC-A6D0-3BA6B40F0312}" = protocol=6 | dir=out | app=system |
"{D93E131B-2D21-4CFD-B839-3BBA529AA98D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DE99C6BB-40F9-4DE4-86B4-2A230EE428EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9E86D2C-9BF4-4213-8A42-9819A97FF534}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FF87DEF6-1962-4B64-A6F0-00AF0D7469C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{239ECFAE-777B-4CC8-9386-E9EFC1D3E920}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{34FFBDE5-8780-4FDB-8B3A-66ABA050E12D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{056ECC50-D337-49C9-B351-4B159053B245}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{4B57EE4D-E24C-45B4-BB16-0A09F0F9B766}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Any Video Converter_is1" = Any Video Converter 3.4.0
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crossfire Europe" = Crossfire Europe
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Studio_is1" = Free Studio version 5.9.0.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Security Task Manager" = Security Task Manager 1.8d
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2013 11:07:24 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.01.2013 11:09:41 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.01.2013 08:21:32 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.01.2013 08:23:57 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.01.2013 10:19:59 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.01.2013 10:22:42 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 03.02.2013 05:40:49 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.02.2013 05:44:02 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 08.02.2013 10:47:04 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.02.2013 10:49:30 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ OSession Events ]
Error - 10.11.2012 11:34:01 | Computer Name = Georg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.02.2013 19:54:51 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update-Dienst (gupdate) erreicht.
 
Error - 08.02.2013 19:54:51 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 09.02.2013 07:02:29 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 09.02.2013 09:01:02 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Dnscache erreicht.
 
Error - 09.02.2013 11:15:12 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Dnscache erreicht.
 
Error - 09.02.2013 11:15:16 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update-Dienst (gupdate) erreicht.
 
Error - 09.02.2013 11:15:16 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 09.02.2013 14:17:56 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 10.02.2013 11:29:21 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 11.02.2013 14:36:41 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
 
< End of report >


Hundert30 11.02.2013 22:12

Unfortunately the second logfile is too big to post like this, so I'll have to upload a file instead!

cosinus 11.02.2013 23:55

Something went wrong there. Please redo OTL

Hundert30 12.02.2013 19:53

otl-log1:
Code:

OTL Extras logfile created on: 12.02.2013 19:29:42 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Georg\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,88% Memory free
4,00 Gb Paging File | 2,40 Gb Available in Paging File | 60,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 78,07 Gb Free Space | 41,11% Space Free | Partition Type: NTFS
Drive D: | 327,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-65504206-4180296385-2226514737-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D7C1E-A5A1-40C8-AAA2-F68F459DF39F}" = lport=57207 | protocol=17 | dir=in | name=pando media booster |
"{0D9B67B4-A905-432D-9A87-4440488B5466}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2734ED66-6468-461D-B35A-A4654FD48A44}" = lport=57207 | protocol=6 | dir=in | name=pando media booster |
"{349CD5D6-EC51-4532-B6B1-22CFE27FE984}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3665AA15-41D7-4BC1-A4CF-8A3C87DC5AB8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F939087-ADE6-45C4-8EE5-8297EBBB7DDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45735374-2A5E-4023-B3D0-A99B2A3DF129}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6B6801ED-4120-4723-BD97-DFF02DD6D0C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{75CE0198-6CD8-42E8-8DB1-791DCD7C9F30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F935322-EEFE-464E-B6F1-88B2E088146C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92749F3C-6E68-478B-9954-5D2B800D73D2}" = lport=57207 | protocol=6 | dir=in | name=pando media booster |
"{AB8BF256-BFF6-4A19-B54D-EC2119EACECC}" = lport=57207 | protocol=17 | dir=in | name=pando media booster |
"{EB23F873-DBAF-4258-B373-EA76CFB1F1BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC153BF0-D2AA-4C3D-9F53-4F727156E701}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F8923-EF9B-4C37-B260-9E0FE61B3173}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1BAA401D-8298-4575-AEF0-B843C8576F2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2942D4B9-197A-457A-9A47-7A8C247D4801}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A7BFB2C-7E01-4D2E-9EFD-54EED3E25704}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2C0B3E7B-9B77-4094-AB77-C9AEB5620075}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BDABA81-518B-4FCF-A8AC-39E765BB5F25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F59C567-8E28-4AD7-8B78-9DAABB1C12ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{763EBB1F-4932-4C68-9D33-E9D3D74D7252}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDE31CA-9B2B-443F-8C59-A74559AB778C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7FF5188C-3244-4E64-BA78-598AE3A1DCBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{84428B10-E4E0-47CD-BF57-5FF2ADC3423D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A703BED1-E980-484F-82F9-ACB22C951E50}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A9C77FBC-A28E-4A69-ACEB-5B402394E002}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE413816-1BE0-40CF-B406-67D68169AC6F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C586AFEC-7C17-4178-9156-25ED1F38EB09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C90E3FCD-E625-4C31-8AD4-13EA3E9445AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE4E4DDF-151B-4C94-B953-78272CC37C09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7F4AA29-00CD-49CC-A6D0-3BA6B40F0312}" = protocol=6 | dir=out | app=system |
"{D93E131B-2D21-4CFD-B839-3BBA529AA98D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DE99C6BB-40F9-4DE4-86B4-2A230EE428EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9E86D2C-9BF4-4213-8A42-9819A97FF534}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FF87DEF6-1962-4B64-A6F0-00AF0D7469C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{239ECFAE-777B-4CC8-9386-E9EFC1D3E920}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{34FFBDE5-8780-4FDB-8B3A-66ABA050E12D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{056ECC50-D337-49C9-B351-4B159053B245}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{4B57EE4D-E24C-45B4-BB16-0A09F0F9B766}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Any Video Converter_is1" = Any Video Converter 3.4.0
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crossfire Europe" = Crossfire Europe
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Studio_is1" = Free Studio version 5.9.0.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Security Task Manager" = Security Task Manager 1.8d
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2013 11:07:24 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.01.2013 11:09:41 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.01.2013 08:21:32 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.01.2013 08:23:57 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.01.2013 10:19:59 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.01.2013 10:22:42 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 03.02.2013 05:40:49 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.02.2013 05:44:02 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 08.02.2013 10:47:04 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
 europe\Aegis64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.02.2013 10:49:30 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ OSession Events ]
Error - 10.11.2012 11:34:01 | Computer Name = Georg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.02.2013 07:02:29 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 09.02.2013 09:01:02 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Dnscache erreicht.
 
Error - 09.02.2013 11:15:12 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Dnscache erreicht.
 
Error - 09.02.2013 11:15:16 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update-Dienst (gupdate) erreicht.
 
Error - 09.02.2013 11:15:16 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 09.02.2013 14:17:56 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 10.02.2013 11:29:21 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 11.02.2013 14:36:41 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 12.02.2013 14:19:18 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 12.02.2013 14:19:49 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Dnscache erreicht.
 
 
< End of report >

So.. ran the scan again... the first log is in the code block, the second one is too large to post, attached again.

cosinus 13.02.2013 09:20

Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down).
GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Hundert30 13.02.2013 19:52

Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.13.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Georg :: GEORG-PC [administrator]

13.02.2013 19:51:11
mbar-log-2013-02-13 (19-51-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26304
Time elapsed: 12 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


cosinus 14.02.2013 11:06

What about GMER?

Hundert30 14.02.2013 20:25

GMER:
Code:

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-14 20:21:57
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 Maxtor_6B200M0 rev.BANC1B70 189,92GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Georg\AppData\Local\Temp\fgloqpob.sys


---- System - GMER 2.0 ----

SSDT  8E516846                                                                                                                                  ZwCreateSection
SSDT  8E516850                                                                                                                                  ZwRequestWaitReplyPort
SSDT  8E51684B                                                                                                                                  ZwSetContextThread
SSDT  8E516855                                                                                                                                  ZwSetSecurityObject
SSDT  8E51685A                                                                                                                                  ZwSystemDebugControl
SSDT  8E5167E7                                                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                  82A3F9E9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                    82A791C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                        82A8030C 4 Bytes  [46, 68, 51, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                        82A80668 4 Bytes  [50, 68, 51, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                        82A806AC 4 Bytes  [4B, 68, 51, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                        82A80728 4 Bytes  [55, 68, 51, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                        82A8077C 4 Bytes  [5A, 68, 51, 8E]
.text  ...                                                                                                                                       
?      System32\Drivers\spwj.sys                                                                                                                  Das System kann den angegebenen Pfad nicht finden. !
PAGE  ataport.SYS!DllUnload + 1                                                                                                                  88CEDAD7 4 Bytes  JMP 84A731D9
.text  USBPORT.SYS!DllUnload                                                                                                                      8D843DB9 5 Bytes  JMP 85C341D8
.text  ae980za4.SYS                                                                                                                              8FD7A000 12 Bytes  [44, 98, E1, 82, EE, 96, E1, ...]
.text  ae980za4.SYS                                                                                                                              8FD7A00D 9 Bytes  [77, E1, 82, 48, 9B, E1, 82, ...] {JA 0xffffffe3; OR BYTE [EAX-0x65], 0xe1; ADD BYTE [EAX], 0x0}
.text  ae980za4.SYS                                                                                                                              8FD7A017 170 Bytes  [00, DE, C7, B1, 88, E6, C5, ...]
.text  ae980za4.SYS                                                                                                                              8FD7A0C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text  ae980za4.SYS                                                                                                                              8FD7A0CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text  ...                                                                                                                                       
.text  ad1ydun9.SYS                                                                                                                              8FDB1000 12 Bytes  [44, 98, E1, 82, EE, 96, E1, ...]
.text  ad1ydun9.SYS                                                                                                                              8FDB100D 9 Bytes  [77, E1, 82, 48, 9B, E1, 82, ...] {JA 0xffffffe3; OR BYTE [EAX-0x65], 0xe1; ADD BYTE [EAX], 0x0}
.text  ad1ydun9.SYS                                                                                                                              8FDB1017 170 Bytes  [00, DE, C7, B1, 88, E6, C5, ...]
.text  ad1ydun9.SYS                                                                                                                              8FDB10C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text  ad1ydun9.SYS                                                                                                                              8FDB10CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text  ...                                                                                                                                       

---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtCreateFile + 6                                                    774A55CE 4 Bytes  [28, 90, D9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtCreateFile + B                                                    774A55D3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + 6                                              774A5C2E 4 Bytes  [28, 93, D9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + B                                              774A5C33 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenFile + 6                                                      774A5CDE 4 Bytes  [68, 90, D9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenFile + B                                                      774A5CE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + 6                                                    774A5D8E 4 Bytes  [A8, 91, D9, 00] {TEST AL, 0x91; FLD DWORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + B                                                    774A5D93 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessToken + B                                              774A5DA3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessTokenEx + 6                                            774A5DAE 4 Bytes  [A8, 92, D9, 00] {TEST AL, 0x92; FLD DWORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessTokenEx + B                                            774A5DB3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThread + 6                                                    774A5E0E 4 Bytes  [68, 91, D9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThread + B                                                    774A5E13 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadToken + 6                                                774A5E1E 4 Bytes  [68, 92, D9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadToken + B                                                774A5E23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadTokenEx + B                                              774A5E33 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryAttributesFile + 6                                            774A5F3E 4 Bytes  [A8, 90, D9, 00] {TEST AL, 0x90; FLD DWORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryAttributesFile + B                                            774A5F43 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryFullAttributesFile + B                                        774A5FF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationFile + 6                                            774A663E 4 Bytes  [28, 91, D9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationFile + B                                            774A6643 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationThread + 6                                          774A669E 4 Bytes  [28, 92, D9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationThread + B                                          774A66A3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + 6                                            774A69BE 4 Bytes  [68, 93, D9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + B                                            774A69C3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtCreateFile + 6                                                    774A55CE 4 Bytes  [28, 58, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtCreateFile + B                                                    774A55D3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtMapViewOfSection + 6                                              774A5C2E 4 Bytes  [28, 5B, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtMapViewOfSection + B                                              774A5C33 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenFile + 6                                                      774A5CDE 4 Bytes  [68, 58, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenFile + B                                                      774A5CE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcess + 6                                                    774A5D8E 4 Bytes  [A8, 59, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcess + B                                                    774A5D93 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessToken + 6                                              774A5D9E 4 Bytes  CALL 764A6CFC C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessToken + B                                              774A5DA3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessTokenEx + 6                                            774A5DAE 4 Bytes  [A8, 5A, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessTokenEx + B                                            774A5DB3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThread + 6                                                    774A5E0E 4 Bytes  [68, 59, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThread + B                                                    774A5E13 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadToken + 6                                                774A5E1E 4 Bytes  [68, 5A, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadToken + B                                                774A5E23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadTokenEx + 6                                              774A5E2E 4 Bytes  CALL 764A6D8D C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadTokenEx + B                                              774A5E33 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryAttributesFile + 6                                            774A5F3E 4 Bytes  [A8, 58, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryAttributesFile + B                                            774A5F43 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryFullAttributesFile + 6                                        774A5FEE 4 Bytes  CALL 764A6F4B C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryFullAttributesFile + B                                        774A5FF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtSetInformationFile + 6                                            774A663E 4 Bytes  [28, 59, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtSetInformationFile + B                                            774A6643 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtSetInformationThread + 6                                          774A669E 4 Bytes  [28, 5A, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtSetInformationThread + B                                          774A66A3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtUnmapViewOfSection + 6                                            774A69BE 4 Bytes  [68, 5B, 0F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtUnmapViewOfSection + B                                            774A69C3 1 Byte  [E2]

---- Kernel IAT/EAT - GMER 2.0 ----

IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                  [88A20042] \SystemRoot\System32\Drivers\spwj.sys
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                  [88A206D6] \SystemRoot\System32\Drivers\spwj.sys
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                          [88A20800] \SystemRoot\System32\Drivers\spwj.sys
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                            [88A2013E] \SystemRoot\System32\Drivers\spwj.sys
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortNotification]                                                                000003E3
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                              8B24568B
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                50522046
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortStallExecution]                                                              FFED23E8
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortWritePortUchar]                                                              08C483FF
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortWritePortUlong]                                                              0874FF85
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                          FF53006A
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                08C483D7
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                        81107D8B
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortGetParentBusType]                                                            0003E5FF
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortRequestCallback]                                                              0F840F00
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                        81000001
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                        0003E3FF
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortCompleteRequest]                                                              EC840F00
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortCopyMemory]                                                                  8B000000
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                                  0001F88E
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                    FC8E0B00
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                      0F000001
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                        0000DA84
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                        ECF2E800
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortInitialize]                                                                  [8E8BFFFF] \SystemRoot\system32\drivers\RTKVAC.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.)
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                000001F8
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                            01E08E01
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortNotification]                                                                00147880
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                              78800C75
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                06750015
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortStallExecution]                                                              C25DC033
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortWritePortUchar]                                                              458B0008
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortWritePortUlong]                                                              6A006A08
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                          50056A24
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                005AB7E8
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                        0001B800
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortGetParentBusType]                                                            C25D0000
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortRequestCallback]                                                              CCCC0008
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                        CCCCCCCC
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                        CCCCCCCC
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortCompleteRequest]                                                              CCCCCCCC
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortCopyMemory]                                                                  53EC8B55
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                                  800C5D8B
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                    7500117B
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                      127B806A
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                        80647500
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                        7500137B
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortInitialize]                                                                  157B805E
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                56587500
IAT    \SystemRoot\System32\Drivers\ad1ydun9.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                            8008758B

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [754FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [754FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [754FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [754FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2316] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [754FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2316] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [754FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2316] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress]  [754FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                        771343423
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                        285507792
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                        2
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                        C:\Program Files\Alcohol Soft\Alcohol 120\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                    0xA0 0xC4 0x1E 0xCA ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                              0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                            0x31 0x10 0x99 0x4C ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                    0xF5 0xEA 0x7D 0x19 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                    0xA2 0x1F 0xDA 0x94 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                              0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                            C:\Program Files\Alcohol Soft\Alcohol 120\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                        0xA0 0xC4 0x1E 0xCA ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                             
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                  0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                0x31 0x10 0x99 0x4C ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                        0xF5 0xEA 0x7D 0x19 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                            C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                            0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                            0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0x53 0xF9 0xFB 0xC8 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                             
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                  0x20 0x01 0x00 0x00 ...

---- EOF - GMER 2.0 ----
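
The GMER log above is the kind of output a helper reads by hand: user-mode `.text` patches per process, kernel IAT redirections per driver, and registry keys GMER considers hidden or unusual. The script below is an added example, not code from this thread or from GMER, that parses those three line types and summarises them, so that the atapi.sys entries pointing at spwj.sys can be read next to the `services\sptd\Cfg` product paths the registry section lists (the cross-check a helper makes before treating ataport hooks as a rootkit, since SPTD-based virtual-drive software is a common cause of exactly this pattern; that correlation is a heuristic, not a verdict). The regexes follow the column layout of this log; all function and field names are my own, and `SAMPLE_LOG` is a short excerpt of the lines shown above.

```python
"""Triage helper for GMER 2.0 text logs (added example; names are my own)."""
import re
from collections import defaultdict

# IAT    \SystemRoot\...\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [88A20042] \SystemRoot\...\spwj.sys
IAT_RE = re.compile(
    r"^IAT\s+(?P<module>\S+)\[(?P<exporter>[^!\]]+)!(?P<symbol>[^\]]+)\]\s+(?P<rest>.*)$")
# "[addr] \path\driver.sys" when GMER attributes the pointer to a loaded module,
# otherwise the line ends in a bare 32-bit value that stays unresolved
RESOLVED_RE = re.compile(r"^\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<target>\S+)")
# .text  C:\...\chrome.exe[2756] ntdll.dll!NtOpenProcess + 6  774A5D8E 4 Bytes  [A8, 91, D9, 00] {...}
TEXT_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[^!\s]+)!(?P<func>\S+)"
    r"\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes?\s*(?P<rest>.*)$")
# Reg    HKLM\SYSTEM\...\sptd\Cfg\<id>@p0    C:\Program Files\DAEMON Tools Lite\
REG_RE = re.compile(r"^Reg\s+(?P<path>\S+)\s*(?P<data>.*)$")


def parse_gmer(text):
    """Split a GMER log into per-type dicts. Section headers and user-mode IAT
    lines (image paths containing spaces) do not match and are ignored."""
    out = {"user_text": [], "kernel_iat": [], "registry": []}
    for line in text.splitlines():
        line = line.rstrip()
        m = TEXT_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            out["user_text"].append(d)
            continue
        m = IAT_RE.match(line)
        if m:
            d = m.groupdict()
            rest = d.pop("rest")
            r = RESOLVED_RE.match(rest)
            d["addr"] = r.group("addr") if r else rest.strip()
            d["target"] = r.group("target") if r else None
            out["kernel_iat"].append(d)
            continue
        m = REG_RE.match(line)
        if m:
            path, data = m.group("path"), m.group("data").strip()
            if "@" in path:
                key, _, value = path.rpartition("@")   # "...\Cfg\<id>@p0" -> key, "p0"
            else:
                key, value = path, ""
            out["registry"].append({"key": key, "value": value, "data": data,
                                    "active": "\\CurrentControlSet\\" in key})
    return out


def kernel_hook_summary(parsed):
    """Map (importing driver, hooking driver or 'unresolved') -> hooked symbols."""
    groups = defaultdict(list)
    for e in parsed["kernel_iat"]:
        target = e["target"].rsplit("\\", 1)[-1] if e["target"] else "unresolved"
        groups[(e["module"].rsplit("\\", 1)[-1], target)].append(e["symbol"])
    return dict(groups)


def user_hook_summary(parsed):
    """Map (process image, pid) -> sorted list of inline-patched exports."""
    groups = defaultdict(set)
    for e in parsed["user_text"]:
        groups[(e["image"].rsplit("\\", 1)[-1], e["pid"])].add(e["dll"] + "!" + e["func"])
    return {k: sorted(v) for k, v in groups.items()}


def sptd_products(parsed, active_only=True):
    """Product directories (@p0 values) registered under services\\sptd\\Cfg."""
    paths = set()
    for e in parsed["registry"]:
        if "\\services\\sptd\\Cfg" in e["key"] and e["value"] == "p0":
            if e["active"] or not active_only:
                paths.add(e["data"])
    return sorted(paths)


def triage(text):
    """Kernel hooks by (victim, hooker), user-mode patches by process, and the
    SPTD product list to read the ataport redirections against (heuristic)."""
    parsed = parse_gmer(text)
    return {"kernel": kernel_hook_summary(parsed),
            "user": user_hook_summary(parsed),
            "sptd_products": sptd_products(parsed)}


# Excerpt of the log posted above, used as offline sample input.
SAMPLE_LOG = r"""
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + 6    774A5D8E 4 Bytes  [A8, 91, D9, 00] {TEST AL, 0x91; FLD DWORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + B    774A5D93 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtCreateFile + 6     774A55CE 4 Bytes  [28, 58, 0F, 00]

---- Kernel IAT/EAT - GMER 2.0 ----

IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]    [88A20042] \SystemRoot\System32\Drivers\spwj.sys
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]   [88A206D6] \SystemRoot\System32\Drivers\spwj.sys
IAT    \SystemRoot\System32\Drivers\ae980za4.SYS[ataport.SYS!AtaPortNotification]  000003E3

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0    C:\Program Files\Alcohol Soft\Alcohol 120\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0    C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0        C:\Program Files\Alcohol Soft\Alcohol 120\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
"""

if __name__ == "__main__":
    for section, rows in triage(SAMPLE_LOG).items():
        print(section, rows)
```

Run it against a full GMER log by replacing `SAMPLE_LOG` with the file contents; the interesting output is a kernel entry such as `('atapi.sys', 'spwj.sys')` listing four ataport port-I/O imports alongside a non-empty `sptd_products` list, versus a hooking driver that no installed product accounts for.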


cosinus 15.02.2013 10:48

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, start it via right-click > "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow Internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being told to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.


Copyright ©2000-2025, Trojaner-Board

