Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox öffnet neue Tabs (https://www.trojaner-board.de/79848-firefox-oeffnet-neue-tabs.html)

Dominic28 29.11.2009 12:18
Firefox öffnet neue Tabs
 
Hallo,
seit gestern habe ich das problem, dass sich ab und zu, wenn ich mit firefox im internet bin, irgendwelche seiten in nem neuen tab öffnen.
anfangs dachte ich das wäre popup-werbung oder sowas aber da dies auch auf seiten wie google passiert denke ich eher an nen virus o.ä.

ich habe nun schon den winoptimizer von ashampoo durchlaufen lassen und auch malwarebytes und nod 32 ausgeführt. trotzdem bleibt das problem.

hier mal ein hijackthis-log:

Zitat:
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\steam.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5627 bytes
ich hoffe ihr könnt mir helfen.


edit: achso noch zur info ich nutze windows 7 ultimate 32 bit falls das ne rolle spielt

Larusso 29.11.2009 12:22
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab.

Poste bitte alle Logfiles in Code-Tags.
Klicke antworten --> #
danach [code]text[/code]
So sollte das dann hier aussehen nach dem antworten:
Code:
deine Logfile

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


schritt 1

Windows-Explorer öffnen (Windows-Taste + E) und unter => Extras => Ordneroptionen => im Reiter "Ansicht"
  • Dateien und Ordner: Erweiterungen bei bekannten Dateitypen ausblenden deaktivieren
  • Dateien und Ordner: Geschützte Systemdateien ausblenden (empfohlen) deaktivieren
  • Dateien und Ordner: Inhalte von Systemordnern anzeigen aktivieren (bei Vista nicht vorhanden)
  • Versteckte Dateien und Ordner: alle Dateien und Ordner anzeigen aktivieren


schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT


schritt 3

Rootkit-Suche

Was sind Rootkits?

Einige Scans auf Dateien, Prozesse u2nd Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Gmer ist geeignet für => NT/W2K/XP/VISTA.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird Gmer beendet.
  • Füge das Log aus der Zwischenablage in Deine Antwort hier ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.


Manche Logs sind ziemlich lange. Bitte in mehrere Posts aufteilen. Danke

Dominic28 29.11.2009 13:17
hallo,
erstmal danke für deine schnelle antwort =)
habe alles wie nach der anleitung gemacht.

hier die OTL.txt
(rest im post danach)

Code:
OTL logfile created on: 29.11.2009 12:37:56 - Run 2
OTL by OldTimer - Version 3.1.11.2    Folder = C:\Users\Dominic\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,75% Memory free
4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 312,06 Gb Free Space | 67,02% Space Free | Partition Type: NTFS
Drive K: | 465,76 Gb Total Space | 404,90 Gb Free Space | 86,93% Space Free | Partition Type: NTFS
 
Computer Name: *Hier-steht-mein-pc-name*
Current User Name: *mein-name*
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2009.11.29 12:27:23 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\******\Downloads\OTL.exe
PRC - [2009.11.29 11:58:52 | 00,040,960 | ---- | M] (Atribune.org) -- C:\Users\******\DOWNLO~1\Look2Me-Destroyer.exe
PRC - [2009.11.12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunesHelper.exe
PRC - [2009.11.12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe
PRC - [2009.11.12 12:11:45 | 01,217,808 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe
PRC - [2009.11.03 04:27:25 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.09.27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009.09.27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009.08.28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.08.03 06:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.13 17:02:30 | 06,814,240 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.02.06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.02.06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe
PRC - [2008.10.25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.24 14:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.07.11 01:27:52 | 40,999,448 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2009.11.29 12:27:23 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\******\Downloads\OTL.exe
MOD - [2009.07.14 02:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found --  -- (Boonty Games)
SRV - [2009.11.12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009.11.07 00:40:05 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009.08.28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.07.16 17:04:16 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 02:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.11.04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.09.24 14:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.07.11 01:27:52 | 40,999,448 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 01:27:52 | 00,369,688 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.07.11 01:27:48 | 00,047,128 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008.07.10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.07.10 02:49:34 | 00,258,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 69 F6 8B 73 6C CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.28 20:18:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.19 19:05:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.11.06 21:25:58 | 00,000,000 | ---D | M]
 
[2009.11.06 21:14:16 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2009.11.06 21:14:16 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\h2m13fph.default\extensions
[2009.11.06 21:13:36 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.03 03:14:39 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 03:14:39 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.03 03:14:39 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.03 03:14:39 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.03 03:14:39 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (854 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\safari.exe: Debugger - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\userinit.exe: Debugger - xvmt.exe ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

Dominic28 29.11.2009 13:18
rest von der OTL.txt

Code:
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 03:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (-4294967296)
 
========== Files/Folders - Created Within 14 Days ==========
 
[2009.11.29 10:54:01 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2009.11.24 19:01:43 | 00,000,000 | ---D | C] -- C:\Users\******\Desktop\code28
[2009.11.23 16:17:57 | 00,000,000 | ---D | C] -- C:\Programme\Accessdiver
[2009.11.21 21:12:20 | 00,000,000 | ---D | C] -- C:\Fraps
[2009.11.19 20:40:58 | 00,000,000 | ---D | C] -- C:\Users\******\Documents\DVDVideoSoft
[2009.11.19 20:40:52 | 00,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2009.11.19 20:40:52 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2009.11.19 19:06:43 | 00,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Apple Computer
[2009.11.19 19:06:43 | 00,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Apple Computer
[2009.11.19 19:05:52 | 00,000,000 | ---D | C] -- C:\Programme\iPod
[2009.11.19 19:05:51 | 00,000,000 | ---D | C] -- C:\Programme\iTunes
[2009.11.19 19:05:51 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.11.19 19:05:16 | 00,000,000 | ---D | C] -- C:\Programme\Bonjour
[2009.11.19 19:04:45 | 00,000,000 | ---D | C] -- C:\Programme\QuickTime
[2009.11.19 19:04:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009.11.15 13:12:25 | 00,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\ProtectDisc
[2009.11.15 13:10:13 | 00,000,000 | ---D | C] -- C:\Programme\ProtectDisc Driver Installer
[2009.11.15 13:07:19 | 00,000,000 | ---D | C] -- C:\Users\******\Documents\18 WoS Extreme Trucker
[2009.11.15 13:07:08 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009.11.15 13:05:43 | 00,000,000 | ---D | C] -- C:\Programme\Cobra 11 - Highway Nights Demo
[2009.11.15 13:05:16 | 00,000,000 | ---D | C] -- C:\Programme\18 Wheels of Steel Extreme Trucker
 
========== Files - Modified Within 14 Days ==========
 
[2009.11.29 12:39:07 | 04,980,736 | -HS- | M] () -- C:\Users\******\NTUSER.DAT
[2009.11.29 12:01:00 | 00,000,396 | ---- | M] () -- C:\Windows\tasks\At2.job
[2009.11.29 11:59:18 | 00,000,396 | ---- | M] () -- C:\Windows\tasks\At1.job
[2009.11.29 10:42:40 | 00,712,450 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.29 10:42:40 | 00,675,208 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.29 10:42:40 | 00,151,600 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.29 10:42:40 | 00,128,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.29 10:42:39 | 01,663,872 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.29 10:42:16 | 00,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.29 10:42:16 | 00,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.29 10:37:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.29 10:37:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.29 10:36:41 | 16,100,63872 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.29 01:04:37 | 02,444,173 | -H-- | M] () -- C:\Users\******\AppData\Local\IconCache.db
[2009.11.25 14:11:51 | 02,337,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.11.24 19:26:59 | 00,109,216 | ---- | M] () -- C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.11.23 20:17:56 | 00,027,136 | ---- | M] () -- C:\Users\******\Documents\deutsch.doc
[2009.11.23 20:17:34 | 00,011,112 | ---- | M] () -- C:\Users\******\Documents\deutsch.docx
[2009.11.23 07:40:22 | 00,029,184 | ---- | M] () -- C:\Users\******\Documents\boomtownrats.doc
[2009.11.22 12:17:58 | 00,011,649 | ---- | M] () -- C:\Users\******\Documents\Mein Film.wlmp
[2009.11.21 21:12:20 | 00,000,562 | ---- | M] () -- C:\Users\******\Desktop\Fraps.lnk
[2009.11.20 14:12:18 | 00,001,213 | ---- | M] () -- C:\Users\******\Desktop\DVDVideoSoft Free Studio.lnk
[2009.11.20 14:11:24 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009.11.15 19:00:49 | 13,369,86112 | ---- | M] () -- C:\Users\******\Documents\hammer.avi
[2009.11.15 18:54:04 | 13,060,90496 | ---- | M] () -- C:\Users\******\Documents\blondi.avi
[2009.11.15 18:31:16 | 95,733,4016 | ---- | M] () -- C:\Users\******\Documents\andere.avi
[2009.11.15 18:14:14 | 10,368,68608 | ---- | M] () -- C:\Users\******\Documents\geil.avi
[2009.11.15 18:09:26 | 32,954,5216 | ---- | M] () -- C:\Users\******\Documents\nice.avi
[2009.11.15 13:12:44 | 00,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001199.LCS
[2009.11.15 13:10:31 | 00,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Cobra 11 - Highway Nights Demo spielen.lnk
[2009.11.15 13:07:52 | 00,002,359 | ---- | M] () -- C:\Users\Public\Desktop\18 Wheels of Steel Extreme Trucker.lnk
 
========== Files Created - No Company Name ==========
 
[2009.11.29 12:00:37 | 00,000,396 | ---- | C] () -- C:\Windows\tasks\At2.job
[2009.11.29 11:59:17 | 00,000,396 | ---- | C] () -- C:\Windows\tasks\At1.job
[2009.11.23 20:17:55 | 00,027,136 | ---- | C] () -- C:\Users\******\Documents\deutsch.doc
[2009.11.23 20:17:34 | 00,011,112 | ---- | C] () -- C:\Users\******\Documents\deutsch.docx
[2009.11.22 13:14:30 | 00,029,184 | ---- | C] () -- C:\Users\******\Documents\boomtownrats.doc
[2009.11.22 12:03:52 | 00,011,649 | ---- | C] () -- C:\Users\******\Documents\Mein Film.wlmp
[2009.11.21 21:12:20 | 00,000,562 | ---- | C] () -- C:\Users\******\Desktop\Fraps.lnk
[2009.11.20 14:11:24 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009.11.19 20:40:58 | 00,001,213 | ---- | C] () -- C:\Users\******\Desktop\DVDVideoSoft Free Studio.lnk
[2009.11.15 19:00:54 | 13,369,86112 | ---- | C] () -- C:\Users\******\Documents\hammer.avi
[2009.11.15 18:54:10 | 13,060,90496 | ---- | C] () -- C:\Users\******\Documents\blondi.avi
[2009.11.15 18:31:21 | 95,733,4016 | ---- | C] () -- C:\Users\******\Documents\andere.avi
[2009.11.15 18:14:20 | 10,368,68608 | ---- | C] () -- C:\Users\******\Documents\geil.avi
[2009.11.15 18:09:31 | 32,954,5216 | ---- | C] () -- C:\Users\******\Documents\nice.avi
[2009.11.15 13:12:44 | 00,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001199.LCS
[2009.11.15 13:10:31 | 00,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Cobra 11 - Highway Nights Demo spielen.lnk
[2009.11.15 13:07:52 | 00,002,359 | ---- | C] () -- C:\Users\Public\Desktop\18 Wheels of Steel Extreme Trucker.lnk
[2009.11.07 19:12:43 | 00,000,000 | ---- | C] () -- C:\Users\******\AppData\Roaming\FileOut.cns
[2009.11.07 19:12:43 | 00,000,000 | ---- | C] () -- C:\Users\******\AppData\Roaming\FileIn.cns
[2009.11.07 00:49:41 | 00,000,141 | ---- | C] () -- C:\Users\******\AppData\Roaming\default.rss
[2009.11.07 00:49:30 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.06 21:15:43 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.11.06 21:06:27 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.06 21:06:27 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.06 20:31:58 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.06 20:21:58 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.11.06 03:18:24 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.07.14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2009.11.07 01:01:01 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Blender Foundation
[2009.11.08 14:19:51 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite
[2009.11.07 01:03:49 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FileZilla
[2009.11.08 18:06:02 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GrabIt
[2009.11.28 22:28:14 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ICQ
[2009.11.07 22:56:41 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Notepad++
[2009.11.15 13:12:25 | 00,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDisc
[2009.11.29 11:59:18 | 00,000,396 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009.11.29 12:01:00 | 00,000,396 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2009.07.14 05:53:46 | 00,009,952 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
 
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.07.14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.07.14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2009.07.14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
 
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
 
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
 
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2009.07.14 02:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.07.14 02:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
 
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
 
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2009.07.14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< End of report >

Dominic28 29.11.2009 13:20
hier der erste teil der extras.txt

Code:
OTL Extras logfile created on: 29.11.2009 12:27:36 - Run 1
OTL by OldTimer - Version 3.1.11.2    Folder = C:\Users\Dominic\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,42% Memory free
4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 312,21 Gb Free Space | 67,05% Space Free | Partition Type: NTFS
Drive K: | 465,76 Gb Total Space | 404,90 Gb Free Space | 86,93% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIC-PC
Current User Name: *mein-name*
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20bf9172-2840-4638-9a84-c724d673b7ef}" = Nero 9
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{30ED44CB-7314-4C6E-800C-C4BADDE67D8A}" = 18 Wheels of Steel Extreme Trucker
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44DA603D-4C14-A278-2E53-28F2FA301C20}" = Wildlife Park 2 Familien Edition
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EAF86CC-D797-41D1-B22E-A8A5FB40C103}" = Sun VirtualBox
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express

Dominic28 29.11.2009 13:21
und der 2. teil der extras.txt

Code:
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B07BBB6E-6753-41B0-B4B9-1E9FE4AF5C18}" = Lavasoft Privacy Toolbox
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D2592F05-6715-4454-B37C-088EA1F9E20A}" = ESET NOD32 Antivirus
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"AccessDiver v4.402_is1" = AccessDiver v4.402
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
"Ashampoo WinOptimizer 5_is1" = Ashampoo WinOptimizer 5.00
"Blender" = Blender (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.8.1
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 4.2
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HighwayNights Demo" = Cobra 11 - Highway Nights Demo (remove only)
"HijackThis" = HijackThis 2.0.2
"Lavasoft Privacy Toolbox" = Lavasoft Privacy Toolbox
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.11.2009 12:43:59 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 14.11.2009 12:21:58 | Computer Name = Dominic-PC | Source = Application Hang | ID = 1002
Description = Programm iw4sp.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ac    Startzeit: 01ca654426ae4d04

Endzeit:
 73    Anwendungspfad: c:\program files\steam\steamapps\common\call of duty modern warfare
 2\iw4sp.exe    Berichts-ID: 
 
Error - 14.11.2009 15:29:24 | Computer Name = Dominic-PC | Source = Application Hang | ID = 1002
Description = Programm iw4sp.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f70    Startzeit:
01ca655daf8b8240    Endzeit: 236    Anwendungspfad: c:\program files\steam\steamapps\common\call
 of duty modern warfare 2\iw4sp.exe    Berichts-ID: 
 
Error - 21.11.2009 15:32:02 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 23.11.2009 11:49:42 | Computer Name = Dominic-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AthenaII.exe, Version: 1.0.0.0, Zeitstempel:
 0x4953b751  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00051ffe  ID des fehlerhaften Prozesses:
 0xecc  Startzeit der fehlerhaften Anwendung: 0x01ca6c5468c152b3  Pfad der fehlerhaften
 Anwendung: C:\Users\******\Desktop\AthenaII\AthenaII.exe  Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d069c765-d847-11de-ae35-00192147d724
 
Error - 23.11.2009 14:07:43 | Computer Name = Dominic-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cuqi.tmp, Version: 0.0.0.0, Zeitstempel:
 0x4b0aaef3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x9ac  Startzeit der fehlerhaften Anwendung: 0x01ca6c67d6e944ad  Pfad der fehlerhaften
 Anwendung: C:\Windows\TEMP\cuqi.tmp  Pfad des fehlerhaften Moduls: unknown  Berichtskennung:
 17c855d9-d85b-11de-ae35-00192147d724
 
Error - 23.11.2009 14:57:30 | Computer Name = Dominic-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.0.0.1040, Zeitstempel:
 0x4928c007  Name des fehlerhaften Moduls: MKernel.dll, Version: 7.0.0.1040, Zeitstempel:
 0x4928bc68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000125fb  ID des fehlerhaften Prozesses:
 0x1324  Startzeit der fehlerhaften Anwendung: 0x01ca6c6e78da19cb  Pfad der fehlerhaften
 Anwendung: C:\Program Files\ICQ7_Lite\ICQ Lite\ICQ.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files\ICQ7_Lite\ICQ Lite\MKernel.dll  Berichtskennung: 0ca10a6e-d862-11de-ae35-00192147d724
 
Error - 24.11.2009 14:45:49 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 26.11.2009 02:38:04 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 26.11.2009 10:11:01 | Computer Name = Dominic-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr7.exe, Version: 1.0.0.0, Zeitstempel:
 0x4a9f87c3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00011746  ID des fehlerhaften Prozesses:
 0xd0c  Startzeit der fehlerhaften Anwendung: 0x01ca6ea2470a3fd4  Pfad der fehlerhaften
 Anwendung: C:\Users\******\msnmsgr7.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung:
 8606f740-da95-11de-b5a0-00192147d724
 
[ System Events ]
Error - 21.11.2009 20:00:34 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 22.11.2009 16:19:06 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 23.11.2009 02:46:01 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 23.11.2009 16:31:41 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 24.11.2009 16:32:31 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 25.11.2009 13:35:44 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 26.11.2009 10:09:57 | Computer Name = Dominic-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?11.?2009 um 07:39:31 unerwartet heruntergefahren.
 
Error - 26.11.2009 16:24:38 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.11.2009 19:19:58 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 28.11.2009 20:05:13 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
 
< End of report >

Dominic28 29.11.2009 13:23
und das ergebnis von gmer:

Code:
---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C24AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C24104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C243F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C0CFB4
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C241DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C24958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C246F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C24F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                  81C251A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                                                            81C768E9 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                                    81C963B2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\Drivers\spoi.sys                                                                                                                                  Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                                                                      8FE6ACA0 5 Bytes  JMP 8446C4E0
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                                                                  section is executable [0x97E9F300, 0x25D4C, 0xE0000060]
.text          peauth.sys                                                                                                                                                97EF5C9E 27 Bytes  [22, 16, 32, 6F, DC, 1D, 10, ...]
.text          peauth.sys                                                                                                                                                97EF5CC2 27 Bytes  [22, 16, 32, 6F, DC, 1D, 10, ...]
PAGE            peauth.sys                                                                                                                                                97EFBE21 100 Bytes  [9A, 93, D0, AD, 68, 54, 77, ...]
PAGE            peauth.sys                                                                                                                                                97EFC02D 101 Bytes  [64, C8, CE, 9D, 60, AB, 54, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                                        8136D000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                                        8136D123 629 Bytes  [85, 36, 81, FE, 05, 34, 85, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                                        8136D399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                                                        8136D3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                                                        8136D4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                                                       

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1784] kernel32.dll!SetUnhandledExceptionFilter                                                        765B3142 4 Bytes  [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                          [88E3CDDC] \SystemRoot\System32\Drivers\spoi.sys
IAT            \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                            [88E3CE30] \SystemRoot\System32\Drivers\spoi.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT            c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1872] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]    [75DB5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1872] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]      [75DB5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1872] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]      [75DB5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1872] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]    [75DB5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1872] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]    [75DB5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1872] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]    [75DB5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1872] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]    [75DB5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1872] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW]  [714AB0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                    8511F1F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                    eamon.sys (Amon monitor/ESET)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                      844751F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                          8598A500
Device          \Driver\sptd \Device\199426784                                                                                                                            spoi.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                          8598A500
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                          8598A500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{F0ECB400-DB36-4A29-8E9D-DBD7A61FFE74}                                                                                  857E01F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                                          8598A500
Device          \Driver\usbehci \Device\USBPDO-4                                                                                                                          85762500
Device          \Driver\USBSTOR \Device\00000070                                                                                                                          858341F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                                    844751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\PCI_PNP8034 \Device\00000058                                                                                                                      spoi.sys
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                                    844751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                                                              85821500
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                                    844751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom1                                                                                                                              85821500
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                                844771F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                        844771F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                        844771F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                        844771F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                        844771F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4                                                                                                                844771F8
Device          \Driver\USBSTOR \Device\00000073                                                                                                                          858341F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                                    844751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom2                                                                                                                              85821500
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                                                    844751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                                                    844751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume7                                                                                                                    844751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000077                                                                                                                          858341F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                    857E01F8
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                                                                    844751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000078                                                                                                                          858341F8
Device          \Driver\USBSTOR \Device\00000079                                                                                                                          858341F8
Device          \Driver\ACPI_HAL \Device\0000004f                                                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                          8598A500
Device          \Driver\USBSTOR \Device\0000007a                                                                                                                          858341F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                          8598A500
Device          \Driver\USBSTOR \Device\0000007b                                                                                                                          858341F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                          8598A500
Device          \Driver\USBSTOR \Device\0000006f                                                                                                                          858341F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                                          8598A500
Device          \Driver\usbehci \Device\USBFDO-4                                                                                                                          85762500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{510BC375-ADEF-4D20-A6F8-B69A6493B453}                                                                                  857E01F8
Device          \Driver\a92hya0e \Device\Scsi\a92hya0e1Port4Path0Target0Lun0                                                                                              84525500
Device          \Driver\a92hya0e \Device\Scsi\a92hya0e1                                                                                                                    84525500
Device          \Driver\00000745 -> \Driver\atapi \Device\Harddisk0\DR0                                                                                                    851DD170

---- Threads - GMER 1.0.15 ----

Thread          System [4:272]                                                                                                                                            85918930

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                        771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                        285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                        1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                        C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                        0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                        0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                    0x5C 0xC7 0xC8 0xF2 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                 
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                            0x11 0x6D 0xAC 0xE0 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                           
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                      0x6B 0xC9 0x3C 0x1D ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                            C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                            0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                            0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                        0x5C 0xC7 0xC8 0xF2 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                             
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                  0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                0x11 0x6D 0xAC 0xE0 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                       
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                          0x6B 0xC9 0x3C 0x1D ...
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId                                                    88
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\89                                                                               
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\89@CrawlType                                                                      2
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\89@InProgress                                                                    1
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\89@DoneAddingCrawlSeeds                                                          0
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\89@IsCatalogLevel                                                                0
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\89@LogStartAddId                                                                  2
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress                                                      89

---- Files - GMER 1.0.15 ----

File            C:\Windows\system32\drivers\atapi.sys                                                                                                                      suspicious modification

---- EOF - GMER 1.0.15 ----

Larusso 29.11.2009 13:26
Kannst Du mir dazu was sagen?

Code:
O1 - Hosts: 127.0.0.1 activate.adobe.com

Dominic28 29.11.2009 13:32
Zitat:
Zitat von Larusso (Beitrag 483808)
Kannst Du mir dazu was sagen?

Code:
O1 - Hosts: 127.0.0.1 activate.adobe.com
ka adobe ist doch von photshop und so oder?
ich hab mir das nicht installiert hab ka von pc sachen...

Larusso 29.11.2009 13:35
Wurde adobe gekauft? Das ist nämlich ein Zeichen das es nicht so ist.

Andere wichtigere Frage. Was spricht gegen ein neu aufsetzen? Sieht nicht gut aus.

Dominic28 29.11.2009 13:37
ich wollte das nur mal haben für grafiken da hat mir das ein freund draufgemacht ka ob der das gekauft hat...

also wenn ich ohne probleme wichtige sachen auf meine externe festplatte machen kann und die später alle noch da sind seh ich da kein problem.
aber was ist denn so schlimm? bisher sind mir nur die öffnenden tabs aufgefallen...

Larusso 29.11.2009 13:40
Anleitung zum Neu aufsetzten
Hier steht WARUM

zaphod66 05.12.2009 09:52
Hallo,

ich habe das gleich Problem. Bei mir lautet die Adresszeile die er versucht zu öffnen www.ƒ8}l[.com.

Das Problem tritt mal mehr, mal weniger auf. Mit dem Firefox von JONDO passiert das nicht.

Wer kann helfen.

Larusso 05.12.2009 12:29
:hallo:

Klick einfach, im entsprechenden Forum auf http://www.trojaner-board.de/images/.../newthread.gif und erstelle ein eigenes Thema :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131