| |
| |||||||
Log-Analyse und Auswertung: Svchost.exe lastet System ständig aus.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.05.2010, 07:43
| #1 |
| |  Svchost.exe lastet System ständig aus. Hallo, Ich hab, wie bereits in der Überschrift erwähnt, ein Problem mit svchost.exe. Zwar wurde über dieses, oder ähnliches, Problem schon oftmals hier im Forum diskutiert aber es war keine Lösung dabei die mir weiter geholfen hat. Ich habe mal Hijackthis über mein system laufen lassen und habe folgenden Log erhalten: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:33:32, on 20.05.2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Hp\HP Software Update\hpwuschd2.exe C:\Program Files\Opera\opera.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\Taskmgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\User\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll O1 - Hosts: ::1 localhost O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8325 bytes Ein weiteres Problem was sich bei mir ergibt ist dass auch die Windows Updates nicht mehr funktionieren und ich diese auch manuel nicht mehr installieren kann. Auch die Services Packs, welche ich manuel runtergeladen habe, kann ich nicht installieren. Ich hoffe mir kann jemand weiterhelfen und bis dahin beste Grüße Christian |
|
20.05.2010, 11:15
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Svchost.exe lastet System ständig aus. Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
20.05.2010, 18:57
| #3 |
| | Svchost.exe lastet System ständig aus. Hallo und danke schonmal für die schnelle Antwort.
__________________Hier der Malwarebyts Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4119 Windows 6.0.6000 Internet Explorer 7.0.6000.16386 20.05.2010 19:56:51 mbam-log-2010-05-20 (19-56-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 266933 Laufzeit: 2 Stunde(n), 3 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\ALCATech\BPM-Studio Profi\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully. C:\Users\User\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully. C:\Windows\System32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully. Hier die OTL Logs: 1: Code:
ATTFilter OTL logfile created on: 20.05.2010 13:17:37 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16386) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,00 Mb Total Physical Memory | 148,00 Mb Available Physical Memory | 15,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 143,49 Gb Total Space | 31,82 Gb Free Space | 22,18% Space Free | Partition Type: NTFS Drive D: | 5,56 Gb Total Space | 1,19 Gb Free Space | 21,38% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-PC Current User Name: User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Program Files\MirandaX Ardena\MirandaX-Ardena.exe ( ) ========== Modules (SafeList) ========== MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Ndisprot) -- C:\Windows\System32\drivers\ndisprot.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\Windows\System32\drivers\SE27bus.sys (MCCI) DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\Windows\System32\drivers\se27unic.sys (MCCI) DRV - (QCMerced) -- C:\Windows\System32\drivers\lvcm.sys () DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2 FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.31 02:43:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.05 09:54:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.19 19:43:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.04.17 00:02:27 | 000,000,000 | ---D | M] [2008.11.18 15:35:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2010.05.12 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions [2009.04.10 20:13:03 | 000,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489} [2010.04.27 12:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.06.06 15:02:17 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2010.05.11 23:04:25 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2008.11.18 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\toolbar_extras@de.yahoo.com [2010.05.11 20:59:28 | 000,000,947 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\vdgxhb1s.default\searchplugins\icqplugin.xml [2009.04.10 20:13:20 | 000,001,184 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\vdgxhb1s.default\searchplugins\winamp-search.xml [2010.05.12 18:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.15 22:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.05 09:55:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.03.25 19:06:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.03.25 19:06:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2009.03.25 19:06:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.03.25 19:06:00 | 000,000,986 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.03.25 19:06:00 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{0363f4e1-e9ee-11dd-986e-001b2413b344}\Shell - "" = AutoRun O33 - MountPoints2\{24933c40-f9da-11de-a30b-001b2413b344}\Shell - "" = AutoRun O33 - MountPoints2\{a0751f9e-f915-11de-b5d2-001b2413b344}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.20 13:16:47 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2010.05.20 13:07:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.20 13:07:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.20 13:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.05.13 11:30:09 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe [2010.05.13 11:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg [2010.05.11 23:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.05.11 23:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3 [2010.05.11 23:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Goodnight Timer [2010.05.06 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Valve [2010.05.05 09:54:54 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.05.05 09:54:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.05.05 09:54:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.05.05 09:54:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.04.27 12:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar [2010.04.27 12:30:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AOL [2010.04.27 12:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1 [2010.04.27 12:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\MirandaX Plus 2.5 [17 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.20 13:19:50 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.20 13:19:50 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.20 13:17:17 | 003,145,728 | ---- | M] () -- C:\Users\User\ntuser.dat [2010.05.20 13:16:49 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2010.05.20 13:07:42 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.20 10:16:29 | 005,243,008 | ---- | M] () -- C:\Users\User\Desktop\Boom_Boxx_-_Balla_Da_Li_2005.mp3 [2010.05.20 10:03:37 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.20 10:03:37 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.20 10:03:37 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.20 10:03:36 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.20 10:03:35 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.20 10:01:09 | 000,000,156 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.05.20 08:45:14 | 000,248,624 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001 [2010.05.20 08:19:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.20 08:19:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.19 23:40:56 | 000,248,624 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.dat [2010.05.18 23:00:10 | 003,239,567 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db [2010.05.18 22:38:14 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2010.05.13 11:31:15 | 000,000,812 | ---- | M] () -- C:\Users\User\Desktop\WaveLab.lnk [2010.05.11 23:04:19 | 000,000,782 | ---- | M] () -- C:\Users\User\Desktop\Goodnight Timer.lnk [2010.05.11 22:29:40 | 000,083,968 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 12:09:37 | 000,091,864 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.27 12:09:30 | 001,693,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.27 10:57:57 | 000,000,848 | ---- | M] () -- C:\Users\User\Desktop\MirandaX Ardena.lnk [2010.04.27 10:57:34 | 000,002,168 | ---- | M] () -- C:\Windows\System32\Ahmbed.gz [17 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.20 13:07:42 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.20 10:15:50 | 005,243,008 | ---- | C] () -- C:\Users\User\Desktop\Boom_Boxx_-_Balla_Da_Li_2005.mp3 [2010.05.13 11:31:15 | 000,000,812 | ---- | C] () -- C:\Users\User\Desktop\WaveLab.lnk [2010.05.11 23:04:23 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2010.05.11 23:04:19 | 000,000,782 | ---- | C] () -- C:\Users\User\Desktop\Goodnight Timer.lnk [2010.04.27 10:57:57 | 000,000,848 | ---- | C] () -- C:\Users\User\Desktop\MirandaX Ardena.lnk [2009.02.28 17:32:48 | 000,585,824 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys [2009.02.28 17:32:48 | 000,006,812 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.01.20 13:46:09 | 000,018,944 | ---- | C] () -- C:\Windows\System32\wk32.dll [2009.01.20 13:46:09 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ic32.dll [2008.10.21 15:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\musicmaker.INI [2008.10.21 15:29:43 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll [2008.10.21 15:28:28 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.10.20 22:54:36 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll [2008.10.20 22:54:32 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.10.19 10:25:48 | 000,000,156 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.10.16 12:42:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.10.11 18:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2007.02.27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.12.14 09:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.12.14 09:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2002.03.19 01:18:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\LAME_ENC.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > 2: Code:
ATTFilter OTL Extras logfile created on: 20.05.2010 13:17:37 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
958,00 Mb Total Physical Memory | 148,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,49 Gb Total Space | 31,82 Gb Free Space | 22,18% Space Free | Partition Type: NTFS
Drive D: | 5,56 Gb Total Space | 1,19 Gb Free Space | 21,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3000942581-1898625692-2028073255-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FC8FBC-9B04-41BD-A6FC-C517A59879C1}" = lport=139 | protocol=6 | dir=in | app=system |
"{19A1F7F5-ACA0-4C0B-8FFD-F0678F3E1877}" = rport=139 | protocol=6 | dir=out | app=system |
"{2516AD4D-4F81-4FBF-9CC0-DA02759D8EDC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29627B06-5F38-4326-9DE1-D67FA53FD36B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{309DF68F-2797-4282-B20F-83AFD6708153}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{36D087CE-DA58-4E2F-9F94-AA1C475F1523}" = lport=445 | protocol=6 | dir=in | app=system |
"{383A886A-8BC4-41A6-918F-83747792550A}" = lport=138 | protocol=17 | dir=in | app=system |
"{3DF09B63-2C6B-4B3B-A89A-6CF8C6E5AD1E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E321B03-B7A4-4FC3-A56E-8E8AAC0FCAE1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{51E0FE64-4613-498A-B40E-8510FD81EDF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{5D8F8B27-8529-478B-A084-140173165905}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8A45A312-0233-47CF-B39F-5C114AE06A7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99323CDA-8F54-4FAF-BD20-691EA9194E74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B44A8E2D-1012-485A-8AC2-030323B977D6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B98D175F-A06C-4947-A95F-96C90719F034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB10988C-375C-4B95-9D2B-834C1AC6F4B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{C0B896A1-3E2F-462A-A45D-C2D61E1A8CA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D2CF96CD-49B5-4EE9-8CB7-9EE18A74CFE3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDC76B43-C14C-4CBE-8ABD-11854D279CD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E05E27B2-C691-404E-8B1B-F39D83B67064}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8616E8B-6E35-4093-A80F-2907664C62BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ECC97CD0-1483-4BD8-A506-D1B517EDD5AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED9CB15A-F78C-4370-9156-9F1D0D37C7B2}" = rport=137 | protocol=17 | dir=out | app=system |
"{EDB4E624-B3BC-4C4E-AC0F-6C554D0E4290}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F626D78C-A99D-4015-8DF8-6FC2F341712E}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0387AC48-C2DB-45D4-845C-1A18C12B56D4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{145F729F-23D4-4933-A44E-AF04539B4C60}" = protocol=17 | dir=in | app=c:\windows\system32\gdtmha.exe |
"{15BD69C3-67E1-4B60-A1C3-E64DB3BD7846}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{171B6CC0-F5A8-4394-97AF-89BE9ADF3D6A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{23D8A70D-1754-4F70-A562-B724FD770F1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{35D796EB-5AF0-476E-9B14-A4B98211E4AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F5D35FB-3BA5-4F0A-A6A4-0C76D0A0DF05}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{58F64F76-E4DC-4220-A75A-37C6E6BA0B20}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{5A465820-D85C-40EE-B251-C34A7B89958B}" = protocol=6 | dir=out | app=system |
"{78C8716E-2A31-47FC-BBA8-F75EB9A43D82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7AB92462-EC18-47A5-ACE4-B7277641BD08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D6D94FB-220E-4978-BB9D-E37548181630}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7FE9D3A9-ADBE-4CC5-A0D0-A11B5DD299AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8586ED4D-3682-4A3D-86BB-D7CB433501A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{86FFF9C7-565B-4BCB-A71E-409AA77F5D9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88638F6E-7BE6-43F1-A750-F23329B39D96}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{8D0CE6A1-CDDC-4DA7-A3A5-0AE197681A15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{921A8D6E-A30F-45BF-A5CE-EB8578682AF0}" = protocol=17 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe |
"{93F66AEA-554F-4DFA-971C-A7057D43A42F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{98462CAB-9C50-42F7-AD22-0D56C80B63C6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A5D61139-BB3E-446C-93A2-C7E6C0B9B9C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB3A8019-0B5B-47E5-B0AD-B14256D24F18}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{BDE85CFA-4D63-49A3-8D27-A9021777AB9D}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe |
"{C1603D57-3309-4B55-913F-ED7DB660D00E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C2DEC678-AE86-431B-9E46-11EBB5294C7E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC7E4D93-09F5-4323-87ED-7B4C033139DF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{D0F3D374-C354-4656-A58C-A25E3B1ECE47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5E050E7-7100-4611-8A76-CD8529DCC38B}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe |
"{DC9DF05A-827B-4B1E-8BA9-05EA28EBAE5C}" = protocol=6 | dir=in | app=c:\windows\system32\gdtmha.exe |
"{DDC1F1C7-2DCE-40A6-9D18-B12EEF4772D0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{E141D060-D1AA-437A-9810-3F477798B116}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8259C75-1313-41C5-9730-2418A3368921}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{E83955D5-37E8-423C-8444-80E1AD060421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EAF78552-5BB1-4F20-9213-4B830E69171C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{F8CFB086-8B6D-46F9-9181-BF883C6ED79E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F9E61770-9FC4-42FB-8569-A963171D2AA3}" = protocol=6 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe |
"{FE99C951-8F9D-4042-A541-831104E1EE92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1106504B-E17F-4908-8EDB-44DB07F53CAA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{163C596C-9D77-4C5B-9841-5026C8B4E4D0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{1C4A0B7A-A5A7-4B3F-A0B8-2BF15771EA1D}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{36DDEB0E-FFC3-4914-9997-280FFB3E5838}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"TCP Query User{38F2C8E3-7269-4EE0-8096-8CB3B624A04C}C:\program files\valve\steam\steamapps\user\half-life 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\user\half-life 2\hl2.exe |
"TCP Query User{3E0AF754-A28E-4A10-AC5E-FBB9372C37E5}C:\program files\valve\steam\steamapps\user\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\user\counter-strike source\hl2.exe |
"TCP Query User{48C48805-AC28-47A4-9F04-84AADDF68DE9}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{4FDDB66D-2697-40E3-8A4D-9E8DDDE0C9EE}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{53D97C4B-8B7D-4460-82FE-E0525F68D9C1}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=6 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe |
"TCP Query User{65B6021F-C163-45FE-97BF-2889A5938248}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=6 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe |
"TCP Query User{6D40EED0-FEE1-4BF3-9C90-BC2B2F4DC12A}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{729E1527-5F53-4F19-9CE2-7D6B52867885}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{8ABB3576-7CF3-4AA0-97AB-3084C7166893}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9E30D124-7A95-42FA-85ED-C1B94DF37DE2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{AA1E0E29-E86E-43E9-B9FF-098C44E997B8}C:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe |
"TCP Query User{AAA68D7C-EC79-4304-8DD3-B9A5DB87A993}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D22673E2-D601-47B6-88AE-3D847DC5795F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F2B9C5BB-DA20-44CC-A56A-9564E69B9702}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F83D6248-5891-47CD-91F8-EB23DD668DED}C:\program files\virtualdj\virtualdj.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"TCP Query User{FFA43FB8-9175-4107-9E38-D704DACFA3FF}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"UDP Query User{0A687C76-C420-4462-89E7-29F4CB1E9FEC}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
"UDP Query User{14F80362-7C38-4595-A8BB-C8985651E881}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{173450B4-FB43-42D6-A916-74B20DB89387}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=17 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe |
"UDP Query User{21AC627F-1656-463D-89B6-0BB2D9A4FE9E}C:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe |
"UDP Query User{255825EB-6AA8-4237-AAED-55C0E8AE38C9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{2A78EE9A-A57E-4138-A428-21410934A362}C:\program files\virtualdj\virtualdj.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"UDP Query User{44D94F6F-E5B7-4AA0-BB7D-1A0D73438DF0}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{55543604-65CC-49CA-9A12-4D32A0402817}C:\program files\valve\steam\steamapps\user\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\user\counter-strike source\hl2.exe |
"UDP Query User{64D90D3B-A50D-4B35-B18D-1B935DC94D89}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{6DF1271A-3E6F-469A-959A-66D55612926D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7BD6EBA5-9306-4772-B49F-504C7664EB8F}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"UDP Query User{7CF7B097-EE80-4CC9-87B8-BE9FDEEC0980}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{84AFE84A-C77D-4AF5-B157-67C65BC86E8B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"UDP Query User{8CCAD9E3-1068-4A37-BAA5-98DF37728A9B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9E16C989-D598-47D5-A7F1-93256C0CFDE9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{C052D4FE-07FC-475A-856B-FBB4BD81C7B2}C:\program files\valve\steam\steamapps\user\half-life 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\user\half-life 2\hl2.exe |
"UDP Query User{C3E793EC-061A-48BE-8C14-8ACCB13F8512}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
"UDP Query User{CA7D2BE3-38E2-4A87-9D47-6C6B8BFB00F2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{CC88A3E1-3335-40D5-A9F7-BD67ECBE1523}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CE9BE09B-EFF4-4EB7-A0D1-64DAC04B345C}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=17 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{131E6112-CC8A-4161-B8B2-49146B0A14BB}" = ESU for Microsoft Vista
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 D3
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{66381CF5-ECBB-4CB7-A7AF-C9767E4FDF24}" = Scratch Live 1.9.0 (19035)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"Collab" = Collab
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLV Player" = FLV Player 2.0 (build 25)
"Goodnight Timer_is1" = Goodnight Timer 1.1
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.4
"Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediacoderSE1.1" = MediacoderSE
"Messenger Plus! Live" = Messenger Plus! Live
"Miranda IM" = Miranda IM 0.8.23
"MirandaX Ardena" = MirandaX Ardena
"MixVibesDvs.exe" = MixVibes DVS uninstall
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NVIDIA Drivers" = NVIDIA Drivers
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.05.2010 02:58:35 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.05.2010 02:58:40 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.05.2010 03:07:52 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.05.2010 03:17:08 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.05.2010 03:17:08 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.05.2010 03:05:19 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.05.2010 03:05:19 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.05.2010 02:21:49 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.05.2010 02:21:49 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.05.2010 02:23:22 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 20.05.2010 02:25:49 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 20.05.2010 02:29:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 20.05.2010 02:29:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 20.05.2010 02:29:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 20.05.2010 02:29:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
< End of report >
Gruß, Christian |
|
20.05.2010, 19:53
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Svchost.exe lastet System ständig aus. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0363f4e1-e9ee-11dd-986e-001b2413b344}\Shell - "" = AutoRun
O33 - MountPoints2\{24933c40-f9da-11de-a30b-001b2413b344}\Shell - "" = AutoRun
O33 - MountPoints2\{a0751f9e-f915-11de-b5d2-001b2413b344}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
[2010.04.27 10:57:34 | 000,002,168 | ---- | M] () -- C:\Windows\System32\Ahmbed.gz
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.05.2010, 20:24
| #5 |
| | Svchost.exe lastet System ständig aus. So, habe alles gemacht was cosinus gesagt hat und OTL hat folgenden Log, nach dem Neustart, rausgegeben: All processes killed Error: Unable to interpret <[emptytemp]> in the current context! OTL by OldTimer - Version 3.2.5.0 log created on 05202010_211616 All processes killed OTL by OldTimer - Version 3.2.5.0 log created on 05202010_211616 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Allerdings besteht das Problem weiter. |
|
20.05.2010, 20:28
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Svchost.exe lastet System ständig aus. Hast Du die Doppelpunkte mitkopiert?? Speziell bei ":Commands" und ":OTL:"
__________________ --> Svchost.exe lastet System ständig aus. |
|
20.05.2010, 20:36
| #7 |
| | Svchost.exe lastet System ständig aus. Ja, hab es 1 zu 1 kopiert. Allerdings hatte ich die "betroffene" svchost.exe manuel geschlossen vorher. Liegt dort eventuel der Fehler? Habe leider kein Vorwissen auf dem Gebiet. Ich danke aber schonmal für die fachkundige Hilfe! |
|
20.05.2010, 20:39
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Svchost.exe lastet System ständig aus. Du darfst natürlich so nichts am System verändern... Lass das bitte mit dem Prozesse töten, das kann auch OTL!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.05.2010, 20:43
| #9 |
| | Svchost.exe lastet System ständig aus. Achso, dann ist ja klar warum das nicht geklappt hat. Dann werde ich das ganze gleich nochmal wiederholen. Gruß Christian |
|
20.05.2010, 21:21
| #10 |
| | Svchost.exe lastet System ständig aus. Habe nun das ganze nocheinmal ausgeführt und habe folgenden Log erhalten: All processes killed ========== OTL ========== File D:\AUTOMODE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0363f4e1-e9ee-11dd-986e-001b2413b344}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0363f4e1-e9ee-11dd-986e-001b2413b344}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24933c40-f9da-11de-a30b-001b2413b344}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24933c40-f9da-11de-a30b-001b2413b344}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0751f9e-f915-11de-b5d2-001b2413b344}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0751f9e-f915-11de-b5d2-001b2413b344}\ not found. File F:\Get_Started_for_Win.exe not found. File C:\Windows\System32\Ahmbed.gz not found. Unable to delete ADS C:\ProgramData\TEMP:8FF81EB0 . Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 . Unable to delete ADS C:\ProgramData\TEMP  FC5A2B2 .========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: User ->Temp folder emptied: 33188 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 524745 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,00 mb OTL by OldTimer - Version 3.2.5.0 log created on 05202010_221241 Files\Folders moved on Reboot... C:\Windows\temp\TMP000000244F699012E6E71BCF moved successfully. Registry entries deleted on Reboot... Hat sich allerdings nichts geändert was das Problem angeht. Gruß, Christian |
|
21.05.2010, 09:51
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Svchost.exe lastet System ständig aus.Zitat:
Bitte mal CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.05.2010, 13:57
| #12 |
| | Svchost.exe lastet System ständig aus. Alle Schritte ausgeführ und schließlich von Cobofix folgenden Log erhalten: Code:
ATTFilter ComboFix 10-05-20.A1 - User 21.05.2010 14:15:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.958.443 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\User\AppData\Roaming\Desktopicon
c:\windows\system32\AbaleZip.dll
c:\windows\system32\ic32.dll
c:\windows\system32\wk32.dll
D:\resycled
.
((((((((((((((((((((((( Dateien erstellt von 2010-04-21 bis 2010-05-21 ))))))))))))))))))))))))))))))
.
2010-05-21 12:05 . 2010-05-21 12:05 -------- d-----w- c:\program files\CCleaner
2010-05-20 19:11 . 2010-05-20 19:11 -------- d-----w- C:\_OTL
2010-05-20 11:07 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 11:07 . 2010-05-20 11:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 11:07 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 09:30 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-05-13 09:28 . 2010-05-13 09:28 -------- d-----w- c:\program files\Steinberg
2010-05-11 21:04 . 2010-05-11 21:04 -------- d-----w- c:\program files\Conduit
2010-05-11 21:04 . 2010-05-11 21:04 -------- d-----w- c:\program files\softonic-de3
2010-05-11 21:04 . 2010-03-16 09:42 52224 ----a-w- c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
2010-05-11 21:04 . 2010-03-16 09:42 101376 ----a-w- c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
2010-05-11 21:04 . 2010-05-11 21:04 -------- d-----w- c:\program files\Goodnight Timer
2010-05-06 10:56 . 2010-05-06 10:56 -------- d-----w- c:\program files\Valve
2010-05-05 07:54 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-27 10:31 . 2010-04-27 10:31 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-27 10:30 . 2010-04-27 10:30 -------- d-----w- c:\users\User\AppData\Local\AOL
2010-04-27 10:28 . 2010-04-28 06:16 -------- d-----w- c:\program files\ICQ7.1
2010-04-27 10:17 . 2010-04-27 10:18 -------- d-----w- c:\program files\MirandaX Plus 2.5
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 11:32 . 2010-04-11 19:58 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2010-05-20 08:03 . 2006-11-02 15:33 641344 ----a-w- c:\windows\system32\perfh007.dat
2010-05-20 08:03 . 2006-11-02 15:33 116706 ----a-w- c:\windows\system32\perfc007.dat
2010-05-19 21:40 . 2005-12-31 23:51 248624 ----a-w- c:\users\User\AppData\Roaming\nvModes.dat
2010-05-19 20:44 . 2008-09-23 20:10 -------- d-----w- c:\users\User\AppData\Roaming\ICQ
2010-05-13 09:29 . 2008-10-21 12:59 -------- d-----w- c:\program files\VstPlugins
2010-05-12 19:12 . 2009-03-30 19:54 -------- d-----w- c:\users\User\AppData\Roaming\IrfanView
2010-05-06 08:36 . 2010-01-21 14:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 07:54 . 2006-01-01 11:13 -------- d-----w- c:\program files\Java
2010-05-02 07:50 . 2008-09-23 20:06 -------- d-----w- c:\program files\Opera
2010-04-27 10:31 . 2006-01-01 09:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-27 10:30 . 2008-09-23 20:10 -------- d-----w- c:\programdata\ICQ
2010-04-27 10:09 . 2006-01-01 03:35 91864 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-27 08:57 . 2009-02-02 17:28 -------- d-----w- c:\program files\MirandaX Ardena
2010-04-18 17:46 . 2010-04-18 17:42 -------- d-----w- c:\program files\MediacoderSE
2010-04-10 23:25 . 2008-12-26 18:17 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2010-04-02 07:49 . 2006-01-01 11:13 -------- d-----w- c:\program files\Common Files\Java
2010-03-28 09:34 . 2010-03-28 09:34 -------- d-----w- c:\users\User\AppData\Roaming\Avira
2010-03-24 16:18 . 2010-03-24 16:18 -------- d-----w- c:\program files\MSECache
2010-03-24 15:01 . 2009-01-20 11:27 -------- d-----w- c:\program files\Miranda IM
2010-03-06 13:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-05 13:40 . 2010-03-05 13:40 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-03-05 13:39 . 2010-03-05 13:39 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2010-03-05 13:36 . 2010-03-05 13:36 61440 ----a-w- c:\windows\system32\ntprint.exe
2010-03-01 07:05 . 2009-07-06 10:15 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\softonic-de3\tbsoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Valve\Steam\\Steam.exe" [2004-09-29 1208320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-10-20 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows scvhost
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winwce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Miranda IM"=c:\program files\MirandaX Ardena\MirandaX-Ardena.exe
"Uniblue RegistryBooster 2"=c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3000942581-1898625692-2028073255-1000]
"EnableNotificationsRef"=dword:00000001
R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 29184]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-21 14:42
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-21 14:49:03
ComboFix-quarantined-files.txt 2010-05-21 12:48
Vor Suchlauf: 13 Verzeichnis(se), 33.407.164.416 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 33.387.155.456 Bytes frei
- - End Of File - - 8E0B3885A886A95B5E4E94E843FDFFA4
Christian |
|
21.05.2010, 15:20
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Svchost.exe lastet System ständig aus.Zitat:
Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.05.2010, 17:55
| #14 |
| | Svchost.exe lastet System ständig aus. Naja, schade. Auch wenn die Software nicht wissentlich von mir benutzt wurde. Gut, dann kommt der Laptop eben weg. Danke trotzdem für die Hilfe. Gruß Christian |
|
| Themen zu Svchost.exe lastet System ständig aus. |
| adobe, antivir, antivir guard, auslastung, avg, avira, bho, defender, desktop, excel, explorer, hijack, hijackthis, internet, internet explorer, launch, manuel, monitor, plug-in, problem, rundll, software, svchost.exe, system, vista, windows, windows updates |
