Trojaner-Board - Windows Dienste funktionieren nicht, keine Internetverbindung möglich

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Windows Dienste funktionieren nicht, keine Internetverbindung möglich (https://www.trojaner-board.de/91264-windows-dienste-funktionieren-keine-internetverbindung-moeglich.html)

Windows Dienste funktionieren nicht, keine Internetverbindung möglich

Guten Abend,

ich möchte um Rat für die Lösung folgender Probleme bitten, die seit heute Morgen auf meinem Desktop bestehen:

-das System bootet extrem langsam
-eine Internetverbindung lässt sich nicht herstellen
-viele Windowsdienste können nicht gestartet werden, z.b. Netzwerk- und Freigabecenter, Windows Firewall, Windows Update, etc.
-keine Systemwiederherstellung möglich

Folgende Maßnahmen habe ich bisher durchgeführt:

-Vollständiger Systemscan mit Avira Antivir Personal: kein Fund!
-cmd.exe mit sfc /scannow: keine Integritätsverletzung gefunden!
-highjackthis, otl und gmer durchlaufen lassen, logs folgen.
-Systemwiederherstellung mit verschiedenen Wiederherstellungspunkten fehlgeschlagen.

Für Hilfe und Anleitungen zur Problemlösung wäre ich sehr dankbar.
Mit freundlichen Grüßen

Code:

OTL logfile created on: 28.09.2010 23:24:05 - Run 1

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\***\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 688,54 Gb Total Space | 543,48 Gb Free Space | 78,93% Space Free | Partition Type: NTFS

Drive D: | 10,10 Gb Total Space | 1,38 Gb Free Space | 13,65% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)

PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)

SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (PcdrNdisuio) -- C:\Windows\System32\DRIVERS\pcdrndisuio.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)

DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (acedrv11) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (HCW85BDA) -- C:\WINDOWS\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)

DRV - (RtNdPt60) -- C:\WINDOWS\System32\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (PDNMp50) -- C:\WINDOWS\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PDNSp50) -- C:\WINDOWS\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\System32\drivers\w810bus.sys (MCCI)

DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.26 22:22:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 15:11:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 15:11:58 | 000,000,000 | ---D | M]

 

[2009.11.05 18:49:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2010.09.27 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions

[2010.05.07 15:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.05.07 15:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions\firebug@software.joehewitt.com

[2010.08.30 11:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010.05.05 20:54:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.30 11:33:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll

[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll

[2010.03.17 17:43:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.17 17:43:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.17 17:43:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.17 17:43:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.17 17:43:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found

O13 - gopher Prefix: missing

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} hxxp://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Peggle/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab (PopCapLoader Object)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.12.12 22:03:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell - "" = AutoRun

O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.09.28 23:07:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe

[2010.09.28 23:07:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2010.09.26 09:40:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver

[2010.09.26 09:40:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ScreeNet iSaver

[2010.09.15 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bewerbungen

[2010.09.15 14:18:59 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL

[2010.09.15 10:49:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ARBEITSPLATZ

[2010.09.10 09:46:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\button

[2010.09.09 11:54:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\german

[2010.09.01 13:45:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\alice

[2010.08.31 19:09:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Nikon

[2010.08.31 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Applause and Laugher

[2010.08.31 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ambience

[2010.08.31 19:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\vhosts

[2010.08.30 11:33:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010.08.30 11:33:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010.08.30 11:33:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009.01.16 19:58:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.09.28 23:08:19 | 003,145,728 | ---- | M] () -- C:\Users\***\ntuser.dat

[2010.09.28 23:00:23 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.09.28 23:00:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.09.28 23:00:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.09.28 23:00:17 | 3218,350,080 | -HS- | M] () -- C:\hiberfil.sys

[2010.09.28 22:59:26 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{43f5bba8-01e0-11df-81a8-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010.09.28 22:59:26 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{43f5bba8-01e0-11df-81a8-806e6f6e6963}.TM.blf

[2010.09.28 22:59:22 | 003,195,306 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db

[2010.09.28 16:27:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2010.09.28 12:21:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe

[2010.09.27 22:37:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.09.27 10:00:30 | 000,010,498 | ---- | M] () -- C:\Users\***\Documents\aachener_briefdl.docx

[2010.09.27 09:58:39 | 000,011,138 | ---- | M] () -- C:\Users\***\Documents\aachener_kabelanschluss.docx

[2010.09.26 18:05:36 | 000,014,848 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.25 14:28:56 | 005,621,767 | ---- | M] () -- C:\Users\***\Documents\reference-brochure-2010.pdf

[2010.09.22 14:02:03 | 000,010,394 | ---- | M] () -- C:\Users\***\Documents\jobcenter_briefdl.docx

[2010.09.17 09:26:10 | 000,011,136 | ---- | M] () -- C:\Users\***\Documents\betriebskosten2.docx

[2010.09.16 16:55:23 | 000,670,286 | ---- | M] () -- C:\Users\***\Desktop\auszug.jpg

[2010.09.16 16:00:36 | 000,016,765 | ---- | M] () -- C:\Users\***\Documents\anwalt_ebay.docx

[2010.09.16 07:48:30 | 000,658,433 | ---- | M] () -- C:\Users\***\Desktop\Scannen0001.jpg

[2010.09.15 23:09:40 | 000,016,748 | ---- | M] () -- C:\Users\***\Documents\anwalt_ebay2.docx

[2010.09.15 17:18:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdy.DAT

[2010.09.15 16:48:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT

[2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\Sports

[2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\Speech Enhancer

[2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\Smooth Strings

[2010.09.14 18:34:37 | 000,001,802 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat

[2010.09.13 07:48:08 | 001,230,477 | ---- | M] () -- C:\Users\***\Desktop\Bewerbungsfoto.JPG

[2010.09.13 06:57:38 | 000,011,668 | ---- | M] () -- C:\Users\***\Documents\bewerbungen.docx

[2010.09.12 19:26:28 | 000,001,456 | ---- | M] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs

[2010.09.12 15:34:50 | 000,415,767 | ---- | M] () -- C:\Users\***\Documents\lebenslauf.pdf

[2010.09.09 17:17:35 | 000,000,111 | ---- | M] () -- C:\Windows\telephon.ini

[2010.09.06 15:19:47 | 000,010,332 | ---- | M] () -- C:\Users\***\Documents\jobcenter_briefc6.docx

[2010.09.06 15:02:25 | 000,011,054 | ---- | M] () -- C:\Users\***\Documents\betriebskosten.docx

[2010.08.31 19:09:41 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT

[2010.08.31 19:08:25 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk

[2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Super Strings

[2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\String Comparison

[2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\Stingers

[2010.08.31 19:08:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT

[2010.08.31 19:08:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT

[2010.08.31 19:08:12 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Strings

[2010.08.31 19:08:12 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\StatusSheet

[2010.08.31 10:43:08 | 000,011,611 | ---- | M] () -- C:\Users\***\Documents\Barbara Ullman1.docx  jobcenter.docx

[2010.08.30 16:44:15 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.09.27 09:59:09 | 000,010,498 | ---- | C] () -- C:\Users\***\Documents\aachener_briefdl.docx

[2010.09.27 09:58:38 | 000,011,138 | ---- | C] () -- C:\Users\***\Documents\aachener_kabelanschluss.docx

[2010.09.25 14:28:56 | 005,621,767 | ---- | C] () -- C:\Users\***\Documents\reference-brochure-2010.pdf

[2010.09.22 14:02:02 | 000,010,394 | ---- | C] () -- C:\Users\***\Documents\jobcenter_briefdl.docx

[2010.09.17 09:18:42 | 000,011,136 | ---- | C] () -- C:\Users\***\Documents\betriebskosten2.docx

[2010.09.16 16:50:56 | 000,670,286 | ---- | C] () -- C:\Users\***\Desktop\auszug.jpg

[2010.09.15 19:27:22 | 000,016,748 | ---- | C] () -- C:\Users\***\Documents\anwalt_ebay2.docx

[2010.09.15 16:48:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\Speech Enhancer

[2010.09.15 16:48:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\Smooth Strings

[2010.09.13 07:46:51 | 001,230,477 | ---- | C] () -- C:\Users\***\Desktop\Bewerbungsfoto.JPG

[2010.09.13 06:57:37 | 000,011,668 | ---- | C] () -- C:\Users\***\Documents\bewerbungen.docx

[2010.09.12 21:55:09 | 000,658,433 | ---- | C] () -- C:\Users\***\Desktop\Scannen0001.jpg

[2010.09.12 15:34:50 | 000,415,767 | ---- | C] () -- C:\Users\***\Documents\lebenslauf.pdf

[2010.09.11 20:26:20 | 000,016,765 | ---- | C] () -- C:\Users\***\Documents\anwalt_ebay.docx

[2010.09.09 17:17:35 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini

[2010.09.09 13:31:05 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs

[2010.09.06 15:19:47 | 000,010,332 | ---- | C] () -- C:\Users\***\Documents\jobcenter_briefc6.docx

[2010.09.06 14:58:38 | 000,011,054 | ---- | C] () -- C:\Users\***\Documents\betriebskosten.docx

[2010.08.31 19:08:25 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk

[2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings

[2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\String Comparison

[2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Stingers

[2010.08.31 19:08:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT

[2010.08.31 19:08:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

[2010.08.31 19:08:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings

[2010.08.31 19:08:12 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\StatusSheet

[2010.08.31 19:08:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT

[2010.08.31 10:37:01 | 000,011,611 | ---- | C] () -- C:\Users\***\Documents\Barbara Ullman1.docx  jobcenter.docx

[2010.08.03 11:33:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Stingers

[2010.08.03 11:33:03 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Standard Tool

[2010.08.03 11:31:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT

[2010.07.15 17:53:23 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT

[2010.07.15 17:53:23 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sports

[2010.07.15 17:51:37 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool

[2010.07.15 17:51:37 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Specifications

[2010.07.15 17:51:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2010.05.31 22:09:07 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND

[2009.06.03 18:29:18 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI

[2009.06.03 18:13:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2009.06.03 18:12:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2009.05.27 18:01:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.05.14 18:19:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TMContainer00000000000000000002.regtrans-ms

[2009.05.14 18:19:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TMContainer00000000000000000001.regtrans-ms

[2009.05.14 18:19:42 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat

[2009.05.14 18:19:42 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TM.blf

[2009.05.14 18:19:42 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1

[2009.05.14 18:19:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2

[2009.01.16 19:59:31 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log

[2009.01.16 19:58:41 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe

[2009.01.16 19:58:41 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat

[2009.01.16 19:58:41 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf

[2008.10.02 13:09:05 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2008.06.28 13:25:24 | 000,014,848 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.05.28 20:33:48 | 000,001,802 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat

[2008.05.09 09:32:50 | 001,869,020 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL

[2008.05.08 20:42:41 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2008.03.25 17:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll

[2008.03.04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll

[2007.12.12 21:57:56 | 000,002,963 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2007.12.12 21:54:34 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2007.12.12 21:54:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll

[2007.12.12 21:42:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2007.12.12 21:42:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2007.10.31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll

[2007.05.17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

 
 ========== LOP Check ==========

 

[2010.07.01 15:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010.09.24 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla

[2009.06.03 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX

[2009.04.13 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON

[2010.07.15 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon

[2009.10.18 11:21:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2009.06.03 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc

[2010.01.19 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan

[2010.09.26 09:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver

[2008.05.28 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpinTop

[2010.05.26 22:49:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2009.03.24 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer

[2008.06.27 17:32:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teleca

[2008.05.28 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template

[2009.06.02 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thies Gerken

[2009.03.24 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2010.07.31 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso

[2008.05.08 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch

[2010.09.27 22:37:16 | 000,032,534 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B8AF0F0F

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E35A81F4

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D2C51E3D

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1AE68282

< End of report >

Code:

OTL Extras logfile created on: 28.09.2010 23:24:05 - Run 1

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\***\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 688,54 Gb Total Space | 543,48 Gb Free Space | 78,93% Space Free | Partition Type: NTFS

Drive D: | 10,10 Gb Total Space | 1,38 Gb Free Space | 13,65% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1847F71B-2FAE-4FA4-A9EA-402D785F118C}" = lport=139 | protocol=6 | dir=in | app=system | 

"{209ED1EA-0DD5-458F-B625-29201437CE6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{30C59CD1-F4DA-4E73-80B3-ED7E2E01CAAA}" = lport=445 | protocol=6 | dir=in | app=system | 

"{3D8D576E-8758-41A0-8075-56F0447E0041}" = lport=138 | protocol=17 | dir=in | app=system | 

"{437F064F-55AE-4543-9DB0-3975E5B0F77A}" = rport=137 | protocol=17 | dir=out | app=system | 

"{4A4A2B59-3A7F-4831-895F-769F42048831}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 

"{57183347-21B1-49DF-BA54-8DA509C21606}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{70D704E5-A243-41A1-B092-CECA0B69C1E3}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface | 

"{75FDF4DC-C985-4C49-83A7-23F76FFAA1FF}" = rport=138 | protocol=17 | dir=out | app=system | 

"{9417C674-250C-4967-BCAF-F55EAA9BA8AF}" = rport=445 | protocol=6 | dir=out | app=system | 

"{CE522DAC-0132-42EE-A728-44A39CA88840}" = lport=137 | protocol=17 | dir=in | app=system | 

"{DB994D2F-5A32-4B54-8547-A21F66FB2D1E}" = rport=139 | protocol=6 | dir=out | app=system | 

"{E02479E2-D8A7-4326-BE2B-25B7EB70DF1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1AC8A79A-98DC-41DE-9FA9-43B4F87A2587}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{229B094F-9640-4758-B638-995FC1268B37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 

"{2CB2AF92-330E-4080-B3D4-59B695F53FB3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{5C381146-2D0C-4159-9A94-7DB34B872FBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{7091A608-9F5F-464B-8495-5DF58EE15F79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{A4AAAC66-B600-4908-A69D-80A2B8C15F41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{B3E9C747-5864-462B-ACCE-73308A195ACA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{B421620D-3E2D-4D40-A4B5-0243942BA896}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{E7303157-170E-4F15-9FA3-6B428E5BD533}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"TCP Query User{1FF98999-3102-45EA-9000-F1B543E06DA1}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=6 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe | 

"TCP Query User{518B6B35-B335-45FD-96BC-C2B3D426FD65}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | 

"TCP Query User{AC35CBA3-2129-466B-8A0F-6B2CB9B0CD5F}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=6 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe | 

"UDP Query User{0CEA07D4-498B-4094-9148-10ED5FC113BB}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=17 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe | 

"UDP Query User{D4A09DE1-D33D-4782-A20A-0F74710C3F6D}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | 

"UDP Query User{D4B50DB5-E490-491A-8DD2-4728D80C0046}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=17 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4a1789a1-33fd-427e-9027-dec4d7fe8fa5}" = D2500

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX

"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)

"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708

"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch

"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements

"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{c6d55c99-0700-44f6-8c46-3a0a14ee3d4c}" = D2500_Help

"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer

"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FAC36425-4266-4DE4-9CB5-68FB4FB9385A}" = CalMAN Pattern Generator

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Alice" = Alice-Installationsdateien entfernen

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FileZilla Client" = FileZilla Client 3.3.4.1

"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25180)

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"NVIDIA Drivers" = NVIDIA Drivers

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"PC-Doctor 5 for Windows" = Hardware Diagnose Tools

"Protect Disc License Helper" = Protect Disc License Helper 1.0.118

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"TuneUp Utilities" = TuneUp Utilities

"WinRAR archiver" = WinRAR

 
 ========== Last 10 Event Log Errors ==========

 

Error: Unable to start EventLog service!

 

< End of report >

Code:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:38:52, on 28.09.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal
 

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\System32\rundll32.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\mobsync.exe

C:\Users\***\Desktop\HiJackThis204.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - hxxp://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Peggle/Images/armhelper.ocx

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
 

--

End of file - 7194 bytes

Code:

GMER 1.0.15.14966 - hxxp://www.gmer.net

Rootkit scan 2010-09-28 22:52:49

Windows 6.0.6002 Service Pack 2
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

PAGE            spsys.sys!?SPVersion@@3PADA + 1ABF                                                                   9F06D03F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]

PAGE            spsys.sys!?SPVersion@@3PADA + 1B2F                                                                   9F06D0AF 1 Byte  [16]

PAGE            spsys.sys!?SPVersion@@3PADA + 1B2F                                                                   9F06D0AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]

PAGE            spsys.sys!?SPVersion@@3PADA + 1BB0                                                                   9F06D130 6 Bytes  [0E, 83, 78, 14, 01, 75]

PAGE            spsys.sys!?SPVersion@@3PADA + 1BB7                                                                   9F06D137 2298 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]

PAGE            ...                                                                                                  
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                [747C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                 [7481A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]             [747CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]       [747BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                 [747C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]              [747BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [747F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]     [747CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]             [747BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]              [747BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]               [747B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]       [7484CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]          [747EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]             [747BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                       [747B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                      [747B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]         [747C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat              0xDA 0x95 0xA4 0x5D ...
 

---- Files - GMER 1.0.15 ----
 

File            C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM                                                             (size mismatch) 12877824/3932160 bytes

File            C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl                                 (size mismatch) 98848/98696 bytes

File            C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl                                   (size mismatch) 700720/699928 bytes

File            C:\WINDOWS\System32\LogFiles\WUDF\WUDFTrace.etl                                                      (size mismatch) 36864/24576 bytes

File            C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.002                                               (size mismatch) 770048/655360 bytes
 

---- EOF - GMER 1.0.15 ----

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell - "" = AutoRun

O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B8AF0F0F

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E35A81F4

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D2C51E3D

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1AE68282

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Hallo Arne,

erstmal vielen Dank für Deine Antwort und die Anleitung, folgend die Logfile nach dem fix

Gruß

Code:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.

File L:\LaunchU3.exe not found.

ADS C:\ProgramData\TEMP:B8AF0F0F deleted successfully.

ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.

ADS C:\ProgramData\TEMP:E35A81F4 deleted successfully.

ADS C:\ProgramData\TEMP:D2C51E3D deleted successfully.

ADS C:\ProgramData\TEMP:1AE68282 deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: ***

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 52322720 bytes

->Java cache emptied: 89371265 bytes

->FireFox cache emptied: 117422020 bytes

->Flash cache emptied: 395145 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 827661 bytes

RecycleBin emptied: 82648851 bytes

 

Total Files Cleaned = 327,00 mb

 

 

OTL by OldTimer - Version 3.2.14.1 log created on 09292010_123309
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hallo Arne,

vielen Dank. Hier die Combofix Logfile.

Code:

ComboFix 10-09-28.03 - *** 29.09.2010  15:33:39.1.4 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.2444 [GMT 2:00]

ausgeführt von:: c:\users\***\Desktop\cofi.exe

SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\users\***\AppData\Roaming\inst.exe

c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.ComfyCakesSave-ms.pif

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-28 bis 2010-09-29  ))))))))))))))))))))))))))))))

.
 

2010-09-29 13:43 . 2010-09-29 13:43        --------        d-----w-        c:\users\***\AppData\Local\temp

2010-09-29 13:43 . 2010-09-29 13:43        --------        d-----w-        c:\users\Default\AppData\Local\temp

2010-09-29 13:19 . 2010-09-29 13:19        --------        d-----w-        c:\program files\CCleaner

2010-09-29 10:33 . 2010-09-29 10:33        --------        d-----w-        C:\_OTL

2010-09-26 07:40 . 2010-09-26 07:40        --------        d-----w-        c:\users\***\AppData\Roaming\ScreeNet iSaver

2010-09-26 07:40 . 2010-09-26 07:40        --------        d-----w-        c:\users\***\AppData\Local\ScreeNet iSaver

2010-09-17 09:32 . 2010-09-17 09:32        1079048        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-09-15 12:19 . 2010-04-16 16:46        502272        ----a-w-        c:\windows\system32\usp10.dll

2010-09-15 12:19 . 2010-08-17 14:11        128000        ----a-w-        c:\windows\system32\spoolsv.exe

2010-09-15 12:18 . 2010-04-05 17:02        317952        ----a-w-        c:\windows\system32\MP4SDECD.DLL

2010-09-15 12:18 . 2010-05-27 20:08        739328        ----a-w-        c:\windows\system32\inetcomm.dll

2010-08-31 17:09 . 2010-08-31 17:09        --------        d-----w-        c:\users\***\AppData\Local\Nikon

2010-08-31 17:08 . 2010-08-31 17:08        --------        d-----w-        c:\programdata\Applause and Laugher

2010-08-31 17:08 . 2010-08-31 17:08        --------        d-----w-        c:\programdata\Ambience

2010-08-31 17:08 . 2010-08-31 17:08        --------        d-----w-        c:\programdata\vhosts
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-28 23:15 . 2009-07-11 12:54        --------        d-----w-        c:\users\***\AppData\Roaming\FileZilla

2010-09-28 10:05 . 2008-10-02 11:23        --------        d-----w-        c:\programdata\FLEXnet

2010-09-26 08:44 . 2007-12-12 19:53        --------        d--h--w-        c:\program files\InstallShield Installation Information

2010-09-15 15:18 . 2010-07-15 15:52        --------        d-----w-        c:\program files\Common Files\Nikon

2010-09-15 15:18 . 2010-07-15 15:52        --------        d-----w-        c:\program files\Nikon

2010-09-15 15:18 . 2010-08-03 09:31        20        ---h--w-        c:\programdata\PKP_DLdy.DAT

2010-09-15 14:48 . 2010-07-15 15:53        0        ---h--w-        c:\programdata\PKP_DLdw.DAT

2010-09-15 12:22 . 2009-01-19 15:46        --------        d-----w-        c:\programdata\Microsoft Help

2010-09-15 12:20 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail

2010-09-14 16:34 . 2008-05-28 18:33        1802        ----a-w-        c:\users\***\AppData\Roaming\wklnhst.dat

2010-09-09 15:17 . 2007-12-12 20:12        --------        d-----w-        c:\program files\Alice

2010-09-04 17:48 . 2009-11-08 01:11        --------        d-----w-        c:\program files\FileZilla FTP Client

2010-08-31 17:11 . 2010-07-15 15:52        --------        d-----w-        c:\programdata\Nikon

2010-08-31 17:09 . 2010-08-31 17:08        20        ---h--w-        c:\programdata\PKP_DLet.DAT

2010-08-31 17:08 . 2010-07-15 15:54        57344        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2010-08-31 17:08 . 2010-08-31 17:08        20        ---h--w-        c:\programdata\PKP_DLev.DAT

2010-08-31 17:08 . 2010-08-31 17:08        20        ---h--w-        c:\programdata\PKP_DLes.DAT

2010-08-31 17:08 . 2010-07-15 15:51        --------        d-----w-        c:\programdata\Ultima_T15

2010-08-31 17:08 . 2010-07-15 15:51        --------        d-----w-        c:\programdata\EnterNHelp

2010-08-30 14:44 . 2010-07-15 15:51        20        ---h--w-        c:\programdata\PKP_DLdu.DAT

2010-08-30 09:33 . 2007-12-12 20:04        --------        d-----w-        c:\program files\Java

2010-08-11 19:43 . 2007-12-12 20:05        --------        d-----w-        c:\program files\Microsoft Works

2010-08-09 22:23 . 2010-08-09 22:23        39323536        ----a-w-        c:\users\***\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\14998\S-CCPRO_-271WU-___DE-32BIT_.exe

2010-08-09 22:18 . 2010-07-15 15:55        49152        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

2010-08-09 22:18 . 2010-08-09 22:18        335872        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe

2010-08-03 09:33 . 2010-08-03 09:33        --------        d-----w-        c:\programdata\Vocal Transformer

2010-07-31 14:04 . 2009-01-16 17:58        47360        ----a-w-        c:\users\***\AppData\Roaming\pcouffin.sys

2010-07-31 14:04 . 2009-01-16 17:58        47360        ----a-w-        c:\users\***\AppData\Roaming\pcouffin.sys

2010-07-31 14:04 . 2009-01-16 17:58        --------        d-----w-        c:\users\***\AppData\Roaming\Vso

2010-07-17 03:00 . 2010-05-05 18:54        423656        ----a-w-        c:\windows\system32\deployJava1.dll

2010-07-12 10:33 . 2010-07-12 10:32        197688        ----a-w-        c:\users\***\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc

2010-07-12 10:33 . 2010-07-12 10:32        148512        ----a-w-        c:\users\***\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC

2007-12-13 04:15 . 2007-12-13 04:02        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-18 21:33        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

"Nikon Message Center 2"=c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe -s

"Nikon Transfer Monitor"=c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]

R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-09-13 28160]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-10 1051976]

S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]

S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
 
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://alice.aol.de/

mStart Page = hxxp://alice.aol.de

IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ajscmj5.default\

FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: c:\program files\ProtectDisc\License Helper\NPPDLicenseHelper.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-09-29 15:43

Windows 6.0.6002 Service Pack 2 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

Zeit der Fertigstellung: 2010-09-29  15:48:19

ComboFix-quarantined-files.txt  2010-09-29 13:48
 

Vor Suchlauf: 7 Verzeichnis(se), 583.698.137.088 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 583.619.571.712 Bytes frei
 

- - End Of File - - 66E999D1EE65E0557355155932E23A6C

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Hallo Arne,

Gmer ist bei 2 Versuchen abgestürzt und für Osam kann ich den Online Malware Scanner nicht ausführen, weil von meinem Desktop keine Internetverbindung möglich ist (siehe Problembeschreibung). Gibt es weitere Alternativen zu diesen Tools für meinen Fall und soll ich den Bootkit-remover trotzdem laufen lassen?

Vielen Dank und Gruß

Die Online-Untersuchung zu OSAM bitte abbrechen. Ich brauch nur das Logfile.

Hallo Arne,

hier die Bootkit remover Ausagbe:

698 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

und die OSAM Logfile

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 17:05:49 on 30.09.2010
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"PCDRNDISUIO Usermode I/O Protocol" (PcdrNdisuio) - ? - C:\Windows\System32\DRIVERS\pcdrndisuio.sys  (File not found)

"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys

"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll

{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - ? -   (File not found | COM-object registry key not found)

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

{4C39376E-FA9D-4349-BACC-D305C1750EF3} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "PopCapLoader Object" - ? - C:\Windows\Downloaded Program Files\popcaploader.dll  (File not found) / hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab

{149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\Windows\DOWNLO~1\stg_drm.ocx / file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} "{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}" - ? -   (File not found | COM-object registry key not found) / hxxp://dl.tvunetworks.com/TVUAx.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

{CC450D71-CC90-424C-8638-1F2DBAC87A54} "{CC450D71-CC90-424C-8638-1F2DBAC87A54}" - ? -   (File not found | COM-object registry key not found) / file:///C:/Program%20Files/Peggle/Images/armhelper.ocx

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

<binary data> "Contribute Toolbar" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll

"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Gruß und vielen Dank

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hallo Arne,

hier die File der MBRCheck.exe

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows Vista Home Premium Edition

Windows Information:                Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer:        ASUSTeK Computer INC.

BIOS Manufacturer:                American Megatrends Inc.

System Manufacturer:                HP-Pavilion

System Product Name:                KJ253AA-ABD a6355.de

Logical Drives Mask:                0x000007bc
 

Kernel Drivers (total 142):

  0x82C0A000 \SystemRoot\system32\ntkrnlpa.exe

  0x82FC3000 \SystemRoot\system32\hal.dll

  0x8040A000 \SystemRoot\system32\kdcom.dll

  0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

  0x80481000 \SystemRoot\system32\PSHED.dll

  0x80492000 \SystemRoot\system32\BOOTVID.dll

  0x8049A000 \SystemRoot\system32\CLFS.SYS

  0x804DB000 \SystemRoot\system32\CI.dll

  0x80602000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x8068B000 \SystemRoot\system32\drivers\acpi.sys

  0x806D1000 \SystemRoot\system32\drivers\WMILIB.SYS

  0x806DA000 \SystemRoot\system32\drivers\msisadrv.sys

  0x806E2000 \SystemRoot\system32\drivers\pci.sys

  0x80709000 \SystemRoot\System32\drivers\partmgr.sys

  0x80718000 \SystemRoot\system32\drivers\volmgr.sys

  0x80727000 \SystemRoot\System32\drivers\volmgrx.sys

  0x80771000 \SystemRoot\System32\drivers\mountmgr.sys

  0x8320F000 \SystemRoot\system32\drivers\iastor.sys

  0x832D6000 \SystemRoot\system32\drivers\fltmgr.sys

  0x83308000 \SystemRoot\system32\drivers\fileinfo.sys

  0x83318000 \SystemRoot\System32\Drivers\PxHelp20.sys

  0x83322000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x8AE09000 \SystemRoot\system32\drivers\ndis.sys

  0x8AF14000 \SystemRoot\system32\drivers\msrpc.sys

  0x8AF3F000 \SystemRoot\system32\drivers\NETIO.SYS

  0x8B000000 \SystemRoot\System32\drivers\tcpip.sys

  0x8B0EA000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x8B202000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x8B312000 \SystemRoot\system32\drivers\volsnap.sys

  0x8B34B000 \SystemRoot\System32\Drivers\spldr.sys

  0x8B353000 \SystemRoot\System32\Drivers\mup.sys

  0x8B362000 \SystemRoot\System32\drivers\ecache.sys

  0x8B389000 \SystemRoot\system32\drivers\disk.sys

  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS

  0x8B3BB000 \SystemRoot\system32\drivers\crcdisk.sys

  0x8B3D1000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x8B3DC000 \SystemRoot\system32\DRIVERS\tunmp.sys

  0x8B3E5000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0x8F60E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

  0x8EE0C000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x8EEAD000 \SystemRoot\System32\drivers\watchdog.sys

  0x8EEB9000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0x8EEC4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0x8EF02000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0x8EF11000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0x8F000000 \SystemRoot\system32\drivers\HCW85BDA.sys

  0x8F114000 \SystemRoot\system32\drivers\BdaSup.SYS

  0x8F117000 \SystemRoot\system32\drivers\ks.sys

  0x8F141000 \SystemRoot\system32\DRIVERS\Rtlh86.sys

  0x8F15B000 \SystemRoot\system32\DRIVERS\ohci1394.sys

  0x8F16B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

  0x8F179000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0x8F191000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

  0x8F197000 \SystemRoot\system32\DRIVERS\msiscsi.sys

  0x8EF9E000 \SystemRoot\system32\DRIVERS\storport.sys

  0x8F1C6000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x8F1D1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x8F1E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x8B1CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x8EFDF000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x8FDEA000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x8AF7A000 \SystemRoot\system32\DRIVERS\rassstp.sys

  0x8EFEE000 \SystemRoot\system32\DRIVERS\termdd.sys

  0x8F1F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0x8EE00000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0x8F1FE000 \SystemRoot\system32\DRIVERS\swenum.sys

  0x8F600000 \SystemRoot\system32\DRIVERS\circlass.sys

  0x8B3F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0x8B1EF000 \SystemRoot\system32\DRIVERS\umbus.sys

  0x8AF8F000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0x8AFC4000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x90200000 \SystemRoot\system32\drivers\RTKVHDA.sys

  0x83393000 \SystemRoot\system32\drivers\portcls.sys

  0x8AFD5000 \SystemRoot\system32\drivers\drmk.sys

  0x903F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0x8AE00000 \SystemRoot\System32\Drivers\Null.SYS

  0x833C0000 \SystemRoot\System32\Drivers\Beep.SYS

  0x833E3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0x833EA000 \SystemRoot\System32\drivers\vga.sys

  0x80781000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x833F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x83200000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x833C7000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x833D2000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x807A2000 \SystemRoot\System32\DRIVERS\rasacd.sys

  0x807AB000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x807C1000 \SystemRoot\system32\DRIVERS\smb.sys

  0x90402000 \SystemRoot\system32\drivers\afd.sys

  0x9044A000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x9047C000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x90492000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x904A0000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x904B3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0x904B9000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x904F5000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x904FF000 \SystemRoot\System32\Drivers\dfsc.sys

  0x90516000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0x90538000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x8B105000 \SystemRoot\System32\Drivers\dump_iaStor.sys

  0x90545000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0x9055A000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0x97EA0000 \SystemRoot\System32\win32k.sys

  0x9055C000 \SystemRoot\System32\drivers\Dxapi.sys

  0x90566000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0x9057D000 \SystemRoot\system32\DRIVERS\netr73.sys

  0x8B3C4000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0x807D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0x807E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys

  0x807EE000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0x805BB000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x980C0000 \SystemRoot\System32\TSDDD.dll

  0x980E0000 \SystemRoot\System32\ATMFD.DLL

  0x805CA000 \SystemRoot\system32\drivers\luafv.sys

  0x805E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0x98130000 \SystemRoot\System32\cdd.dll

  0x8200D000 \SystemRoot\system32\drivers\spsys.sys

  0x820BD000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x820CD000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x820F7000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0x82101000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x82114000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys

  0x82120000 \SystemRoot\system32\drivers\HTTP.sys

  0x8218D000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x821AA000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x821C3000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x821D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xA0C01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0xA0C3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0xA0C52000 \SystemRoot\System32\DRIVERS\srv2.sys

  0xA0C79000 \SystemRoot\System32\DRIVERS\srv.sys

  0xA0CC7000 \??\C:\Windows\system32\drivers\acedrv11.sys

  0xA0D0A000 \SystemRoot\system32\drivers\peauth.sys

  0xA0DE8000 \SystemRoot\System32\Drivers\secdrv.SYS

  0xA0DF2000 \SystemRoot\System32\drivers\tcpipreg.sys

  0xA1E04000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

  0xA1E19000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

  0xA1E2B000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

  0xA1E2C000 \SystemRoot\system32\DRIVERS\cdfs.sys

  0xA1E42000 \SystemRoot\System32\Drivers\fastfat.SYS

  0xA1E6A000 \SystemRoot\system32\drivers\MSPQM.sys

  0x77C80000 \WINDOWS\System32\ntdll.dll
 

Processes (total 46):

       0 System Idle Process

       4 System

     488 C:\WINDOWS\System32\smss.exe

     556 csrss.exe

     612 C:\WINDOWS\System32\wininit.exe

     624 csrss.exe

     656 C:\WINDOWS\System32\services.exe

     668 C:\WINDOWS\System32\lsass.exe

     680 C:\WINDOWS\System32\lsm.exe

     824 C:\WINDOWS\System32\svchost.exe

     920 C:\WINDOWS\System32\svchost.exe

    1020 C:\WINDOWS\System32\svchost.exe

    1056 C:\WINDOWS\System32\svchost.exe

    1068 C:\WINDOWS\System32\svchost.exe

    1128 C:\WINDOWS\System32\audiodg.exe

    1152 C:\WINDOWS\System32\winlogon.exe

    1192 C:\WINDOWS\System32\svchost.exe

    1208 C:\WINDOWS\System32\SLsvc.exe

    1260 C:\WINDOWS\System32\svchost.exe

    1652 C:\WINDOWS\explorer.exe

    1732 C:\WINDOWS\System32\dwm.exe

    1816 C:\WINDOWS\System32\svchost.exe

     248 C:\Program Files\Avira\AntiVir Desktop\sched.exe

     312 C:\WINDOWS\System32\svchost.exe

    1308 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    1436 C:\WINDOWS\System32\svchost.exe

    1548 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    1220 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

    1348 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    1724 C:\WINDOWS\System32\svchost.exe

    1800 C:\WINDOWS\System32\svchost.exe

    1708 C:\WINDOWS\System32\svchost.exe

    1388 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

     432 WUDFHost.exe

    1544 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

    2648 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    2660 C:\WINDOWS\System32\rundll32.exe

    2688 WmiPrvSE.exe

    3888 C:\WINDOWS\System32\wbem\WMIADAP.exe

    3992 C:\WINDOWS\ehome\ehsched.exe

    4012 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

    4060 C:\WINDOWS\ehome\ehrecvr.exe

    3340 dllhost.exe

    3020 dllhost.exe

    3252 C:\Users\***\Desktop\MBRCheck.exe

    3796 C:\WINDOWS\System32\conime.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ac`227ab600  (NTFS)
 

PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.CHN   
 

      Size  Device Name          MBR Status

  --------------------------------------------

    698 GB  \\.\PhysicalDrive0   Unknown MBR code

            SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
 
 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Vielen Dank und Gruß

Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).
Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

Hallo Arne,

hab ich wie von Dir beschrieben durchgeführt, ist aber leider keine Besserung zu verzeichen.

Mit freundlichen Grüßen

Mach bitte ein neues Log mit MBRCheck, ich muss überprüfen ob jetzt ein andere Prüfsumme des MBR angezeigt wird.

Hallo Arne,

hier die neue MBRCheck Logfile

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows Vista Home Premium Edition

Windows Information:                Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer:        ASUSTeK Computer INC.

BIOS Manufacturer:                American Megatrends Inc.

System Manufacturer:                HP-Pavilion

System Product Name:                KJ253AA-ABD a6355.de

Logical Drives Mask:                0x000007bc
 

Kernel Drivers (total 141):

  0x82C18000 \SystemRoot\system32\ntkrnlpa.exe

  0x82FD1000 \SystemRoot\system32\hal.dll

  0x80404000 \SystemRoot\system32\kdcom.dll

  0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

  0x8047B000 \SystemRoot\system32\PSHED.dll

  0x8048C000 \SystemRoot\system32\BOOTVID.dll

  0x80494000 \SystemRoot\system32\CLFS.SYS

  0x804D5000 \SystemRoot\system32\CI.dll

  0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x8068E000 \SystemRoot\system32\drivers\acpi.sys

  0x806D4000 \SystemRoot\system32\drivers\WMILIB.SYS

  0x806DD000 \SystemRoot\system32\drivers\msisadrv.sys

  0x806E5000 \SystemRoot\system32\drivers\pci.sys

  0x8070C000 \SystemRoot\System32\drivers\partmgr.sys

  0x8071B000 \SystemRoot\system32\drivers\volmgr.sys

  0x8072A000 \SystemRoot\System32\drivers\volmgrx.sys

  0x80774000 \SystemRoot\System32\drivers\mountmgr.sys

  0x83201000 \SystemRoot\system32\drivers\iastor.sys

  0x832C8000 \SystemRoot\system32\drivers\fltmgr.sys

  0x832FA000 \SystemRoot\system32\drivers\fileinfo.sys

  0x8330A000 \SystemRoot\System32\Drivers\PxHelp20.sys

  0x83314000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x8AE09000 \SystemRoot\system32\drivers\ndis.sys

  0x8AF14000 \SystemRoot\system32\drivers\msrpc.sys

  0x8AF3F000 \SystemRoot\system32\drivers\NETIO.SYS

  0x8B007000 \SystemRoot\System32\drivers\tcpip.sys

  0x8B0F1000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x8B20A000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x8B31A000 \SystemRoot\system32\drivers\volsnap.sys

  0x8B353000 \SystemRoot\System32\Drivers\spldr.sys

  0x8B35B000 \SystemRoot\System32\Drivers\mup.sys

  0x8B36A000 \SystemRoot\System32\drivers\ecache.sys

  0x8B391000 \SystemRoot\system32\drivers\disk.sys

  0x8B3A2000 \SystemRoot\system32\drivers\CLASSPNP.SYS

  0x8B3C3000 \SystemRoot\system32\drivers\crcdisk.sys

  0x8B3D9000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x8B3E4000 \SystemRoot\system32\DRIVERS\tunmp.sys

  0x8B3ED000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0x8EC0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

  0x8F40F000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x8F4B0000 \SystemRoot\System32\drivers\watchdog.sys

  0x8F4BC000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0x8F4C7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0x8F505000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0x8F514000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0x8F60B000 \SystemRoot\system32\drivers\HCW85BDA.sys

  0x8F71F000 \SystemRoot\system32\drivers\BdaSup.SYS

  0x8F722000 \SystemRoot\system32\drivers\ks.sys

  0x8F74C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys

  0x8F766000 \SystemRoot\system32\DRIVERS\ohci1394.sys

  0x8F776000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

  0x8F784000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0x8F79C000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

  0x8F7A2000 \SystemRoot\system32\DRIVERS\msiscsi.sys

  0x8F5A1000 \SystemRoot\system32\DRIVERS\storport.sys

  0x8F7D1000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x8F7DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x8F7F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x8B1D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x8F5E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x8F3E7000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x8AF7A000 \SystemRoot\system32\DRIVERS\rassstp.sys

  0x8AF8F000 \SystemRoot\system32\DRIVERS\termdd.sys

  0x8F600000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0x8F5F1000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0x8F7FE000 \SystemRoot\system32\DRIVERS\swenum.sys

  0x8F400000 \SystemRoot\system32\DRIVERS\circlass.sys

  0x8EC00000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0x8AF9F000 \SystemRoot\system32\DRIVERS\umbus.sys

  0x8AFAC000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0x8AFE1000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x90000000 \SystemRoot\system32\drivers\RTKVHDA.sys

  0x83385000 \SystemRoot\system32\drivers\portcls.sys

  0x833B2000 \SystemRoot\system32\drivers\drmk.sys

  0x901F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0x8B200000 \SystemRoot\System32\Drivers\Null.SYS

  0x8B1F6000 \SystemRoot\System32\Drivers\Beep.SYS

  0x8B000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0x8AFF2000 \SystemRoot\System32\drivers\vga.sys

  0x833D7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x8AE00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x833F8000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x80784000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x8078F000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x8079D000 \SystemRoot\System32\DRIVERS\rasacd.sys

  0x807A6000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x807BC000 \SystemRoot\system32\DRIVERS\smb.sys

  0x805B5000 \SystemRoot\system32\drivers\afd.sys

  0x90200000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x90232000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x90248000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x90256000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x90269000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0x9026F000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x902AB000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x902B5000 \SystemRoot\System32\Drivers\dfsc.sys

  0x902CC000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0x902EE000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0x90305000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0x90307000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0x90310000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0x90320000 \SystemRoot\system32\DRIVERS\kbdhid.sys

  0x90329000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0x90331000 \SystemRoot\system32\DRIVERS\netr73.sys

  0x903B1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0x903C6000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x8B10C000 \SystemRoot\System32\Drivers\dump_iaStor.sys

  0x966A0000 \SystemRoot\System32\win32k.sys

  0x903D3000 \SystemRoot\System32\drivers\Dxapi.sys

  0x903DD000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x968C0000 \SystemRoot\System32\TSDDD.dll

  0x968E0000 \SystemRoot\System32\ATMFD.DLL

  0x807D0000 \SystemRoot\system32\drivers\luafv.sys

  0x807EB000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0x96930000 \SystemRoot\System32\cdd.dll

  0x9E60A000 \SystemRoot\system32\drivers\spsys.sys

  0x9E6BA000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x9E6CA000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x9E6F4000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0x9E6FE000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x9E711000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys

  0x9E71D000 \SystemRoot\system32\drivers\HTTP.sys

  0x9E78A000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x9E7A7000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x9E7C0000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x9E7D5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xA0C0D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0xA0C46000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0xA0C5E000 \SystemRoot\System32\DRIVERS\srv2.sys

  0xA0C85000 \SystemRoot\System32\DRIVERS\srv.sys

  0xA0CD3000 \??\C:\Windows\system32\drivers\acedrv11.sys

  0xA0D16000 \SystemRoot\system32\drivers\peauth.sys

  0xA0DF4000 \SystemRoot\System32\Drivers\secdrv.SYS

  0xA0C00000 \SystemRoot\System32\drivers\tcpipreg.sys

  0xA1E04000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

  0xA1E19000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

  0xA1E2B000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

  0xA1E2C000 \SystemRoot\system32\DRIVERS\cdfs.sys

  0xA1E42000 \SystemRoot\system32\drivers\MSPQM.sys

  0x77820000 \WINDOWS\System32\ntdll.dll
 

Processes (total 44):

       0 System Idle Process

       4 System

     468 C:\WINDOWS\System32\smss.exe

     544 csrss.exe

     592 C:\WINDOWS\System32\wininit.exe

     604 csrss.exe

     636 C:\WINDOWS\System32\services.exe

     648 C:\WINDOWS\System32\lsass.exe

     660 C:\WINDOWS\System32\lsm.exe

     820 C:\WINDOWS\System32\svchost.exe

     916 C:\WINDOWS\System32\svchost.exe

    1008 C:\WINDOWS\System32\svchost.exe

    1040 C:\WINDOWS\System32\svchost.exe

    1052 C:\WINDOWS\System32\svchost.exe

    1116 C:\WINDOWS\System32\audiodg.exe

    1152 C:\WINDOWS\System32\winlogon.exe

    1168 C:\WINDOWS\System32\svchost.exe

    1192 C:\WINDOWS\System32\SLsvc.exe

    1252 C:\WINDOWS\System32\svchost.exe

    1636 C:\WINDOWS\explorer.exe

    1720 C:\WINDOWS\System32\dwm.exe

    1792 C:\WINDOWS\System32\svchost.exe

     244 C:\Program Files\Avira\AntiVir Desktop\sched.exe

     288 C:\WINDOWS\System32\svchost.exe

    1276 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    1440 C:\WINDOWS\System32\svchost.exe

    1432 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

     708 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

    1612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    1632 C:\WINDOWS\System32\svchost.exe

    1852 C:\WINDOWS\System32\svchost.exe

    1384 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    1944 WUDFHost.exe

     484 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

    2468 C:\WINDOWS\System32\rundll32.exe

    2476 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    3200 C:\WINDOWS\ehome\ehsched.exe

    3244 C:\WINDOWS\ehome\ehrecvr.exe

    3264 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

    5600 WmiPrvSE.exe

     632 dllhost.exe

    4036 dllhost.exe

    1668 C:\Users\***\Desktop\MBRCheck.exe

     972 C:\WINDOWS\System32\conime.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ac`227ab600  (NTFS)
 

PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.CHN   
 

      Size  Device Name          MBR Status

  --------------------------------------------

    698 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected

            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
 
 

Done!

Vielen Dank und Gruß