Trojaner-Board > Malware removal > Log analysis and evaluation

Log analysis and evaluation: Svchost.exe constantly maxes out the system.

20.05.2010, 07:43   #1
Chris1190
 
Svchost.exe constantly maxes out the system.

Hello,
As already mentioned in the title, I have a problem with svchost.exe.
This or a similar problem has been discussed many times here in the forum, but none of the solutions helped me.

I ran HijackThis on my system and got the following log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:33:32, on 20.05.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\User\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8325 bytes
However, I unfortunately don't know what to do with it, or what is responsible for the high load from svchost.exe.
Another problem I have is that Windows Update no longer works, and I can't install the updates manually either.
I also can't install the service packs that I downloaded manually.

I hope someone can help me, and until then, best regards
Christian
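
The log above is in the HijackThis format, and the OTL log posted later in this thread uses the same section codes (R3, O2, O4, O6, O33 ...). As an added example, not a Trojaner-Board tool and not something either poster ran, here is a small Python triage script that applies the checks a log helper does by eye: orphaned entries whose target file is gone, a known adware toolbar vendor, a disabled UAC, an AutoRun handler for a mounted volume, and an autostart that runs from a user-writable path. The sample lines are copied from the logs in this thread; the one line flagged as constructed, the vendor list and the severity labels are this example's own assumptions.

```python
"""Triage helper for HijackThis / OTL-style log lines.

Added example for this thread; not a Trojaner-Board tool. The heuristics are
the ones a log helper applies by eye. Line shapes are taken from the logs
posted in this thread; the heuristics, vendor list and severity labels are
this example's own.
"""
import re
from typing import List, Tuple

# Section code at the start of an entry: R0, R1, R3, O2, O4, O23, O33 ...
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")

# Markers HijackThis and OTL print for an entry whose target no longer exists.
ORPHAN_MARKERS = ("(no file)", "No CLSID value found", "File not found", "Reg Error")

# Toolbar vendors most scanners treat as adware/PUP (assumption for this
# example; the posted log shows a Conduit-built "softonic-de3" toolbar).
ADWARE_VENDORS = ("conduit", "softonic")

# Autostart locations a legitimate installer rarely uses (heuristic, not proof).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\[^\\]+\\Downloads)\\", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def triage_line(line: str) -> List[Finding]:
    """Return zero or more findings for a single HijackThis/OTL entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []  # not an entry line (header, "End of file", blank, ...)
    code, body = m.group("code"), m.group("body")
    lowered = body.lower()
    findings: List[Finding] = []

    if any(marker in body for marker in ORPHAN_MARKERS):
        findings.append(("info", "orphaned entry (target missing); cleanup candidate", line))

    if any(vendor in lowered for vendor in ADWARE_VENDORS):
        findings.append(("medium", "adware/PUP toolbar component", line))

    if code == "O6" and re.search(r"EnableLUA\s*=\s*0", body):
        findings.append(("high", "UAC disabled (EnableLUA = 0); admins run with a full token, no prompts", line))

    if code == "O33" and r"\Shell\AutoRun\command" in body:
        findings.append(("medium", "AutoRun handler registered for a removable/mounted volume", line))

    if code == "O4" and USER_WRITABLE.search(body):
        findings.append(("medium", "autostart from a user-writable path", line))

    return findings


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a pasted log and collect findings."""
    out: List[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line))
    return out


# Sample lines copied from the logs posted in this thread (HijackThis and OTL).
THREAD_LINES = r"""
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{a0751f9e-f915-11de-b5d2-001b2413b344}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""
# Constructed line, not from the thread, to exercise the user-writable-path check.
CONSTRUCTED_LINE = r"O4 - HKCU\..\Run: [updater] C:\Users\User\AppData\Roaming\updater.exe"
SAMPLE_LOG = THREAD_LINES + CONSTRUCTED_LINE + "\n"

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line.strip()}")
```

Run it on the sample and it reports eight findings: four orphaned entries, the softonic/Conduit toolbar, the AutoRun handler for F:, the constructed AppData autostart, and the disabled UAC as the only high-severity item. It says nothing about which services are hosted in the busy svchost.exe instance; that needs a live look at the machine (for example `tasklist /svc`), not the log.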

20.05.2010, 11:15   #2
cosinus
 
Svchost.exe constantly maxes out the system.

Hello and

please run a full scan with Malwarebytes and post the log. Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

20.05.2010, 18:57   #3
Chris1190
 
Svchost.exe constantly maxes out the system.

Hello, and thanks already for the quick reply.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4119

Windows 6.0.6000
Internet Explorer 7.0.6000.16386

20.05.2010 19:56:51
mbam-log-2010-05-20 (19-56-51).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 266933
Time elapsed: 2 hour(s), 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ALCATech\BPM-Studio Profi\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Windows\System32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.



Here are the OTL logs:

1:

Code:
OTL logfile created on: 20.05.2010 13:17:37 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 148,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,49 Gb Total Space | 31,82 Gb Free Space | 22,18% Space Free | Partition Type: NTFS
Drive D: | 5,56 Gb Total Space | 1,19 Gb Free Space | 21,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\MirandaX Ardena\MirandaX-Ardena.exe ( )
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Ndisprot) -- C:\Windows\System32\drivers\ndisprot.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\Windows\System32\drivers\SE27bus.sys (MCCI)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\Windows\System32\drivers\se27unic.sys (MCCI)
DRV - (QCMerced) -- C:\Windows\System32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2
FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.31 02:43:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.05 09:54:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.19 19:43:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.04.17 00:02:27 | 000,000,000 | ---D | M]
 
[2008.11.18 15:35:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.05.12 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions
[2009.04.10 20:13:03 | 000,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2010.04.27 12:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.06.06 15:02:17 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.05.11 23:04:25 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2008.11.18 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\toolbar_extras@de.yahoo.com
[2010.05.11 20:59:28 | 000,000,947 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\vdgxhb1s.default\searchplugins\icqplugin.xml
[2009.04.10 20:13:20 | 000,001,184 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\vdgxhb1s.default\searchplugins\winamp-search.xml
[2010.05.12 18:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.15 22:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.05 09:55:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.25 19:06:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.03.25 19:06:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.03.25 19:06:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.03.25 19:06:00 | 000,000,986 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.03.25 19:06:00 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0363f4e1-e9ee-11dd-986e-001b2413b344}\Shell - "" = AutoRun
O33 - MountPoints2\{24933c40-f9da-11de-a30b-001b2413b344}\Shell - "" = AutoRun
O33 - MountPoints2\{a0751f9e-f915-11de-b5d2-001b2413b344}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.20 13:16:47 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.05.20 13:07:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.20 13:07:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.20 13:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.13 11:30:09 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.05.13 11:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010.05.11 23:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.05.11 23:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.05.11 23:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Goodnight Timer
[2010.05.06 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2010.05.05 09:54:54 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.05 09:54:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.05 09:54:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.05 09:54:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.27 12:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.04.27 12:30:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AOL
[2010.04.27 12:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.04.27 12:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\MirandaX Plus 2.5
[17 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.20 13:19:50 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 13:19:50 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 13:17:17 | 003,145,728 | ---- | M] () -- C:\Users\User\ntuser.dat
[2010.05.20 13:16:49 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.05.20 13:07:42 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.20 10:16:29 | 005,243,008 | ---- | M] () -- C:\Users\User\Desktop\Boom_Boxx_-_Balla_Da_Li_2005.mp3
[2010.05.20 10:03:37 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.20 10:03:37 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.20 10:03:37 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.20 10:03:36 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.20 10:03:35 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.20 10:01:09 | 000,000,156 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.20 08:45:14 | 000,248,624 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2010.05.20 08:19:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.20 08:19:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.19 23:40:56 | 000,248,624 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2010.05.18 23:00:10 | 003,239,567 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010.05.18 22:38:14 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini
[2010.05.13 11:31:15 | 000,000,812 | ---- | M] () -- C:\Users\User\Desktop\WaveLab.lnk
[2010.05.11 23:04:19 | 000,000,782 | ---- | M] () -- C:\Users\User\Desktop\Goodnight Timer.lnk
[2010.05.11 22:29:40 | 000,083,968 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 12:09:37 | 000,091,864 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.27 12:09:30 | 001,693,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.27 10:57:57 | 000,000,848 | ---- | M] () -- C:\Users\User\Desktop\MirandaX Ardena.lnk
[2010.04.27 10:57:34 | 000,002,168 | ---- | M] () -- C:\Windows\System32\Ahmbed.gz
[17 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.20 13:07:42 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.20 10:15:50 | 005,243,008 | ---- | C] () -- C:\Users\User\Desktop\Boom_Boxx_-_Balla_Da_Li_2005.mp3
[2010.05.13 11:31:15 | 000,000,812 | ---- | C] () -- C:\Users\User\Desktop\WaveLab.lnk
[2010.05.11 23:04:23 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini
[2010.05.11 23:04:19 | 000,000,782 | ---- | C] () -- C:\Users\User\Desktop\Goodnight Timer.lnk
[2010.04.27 10:57:57 | 000,000,848 | ---- | C] () -- C:\Users\User\Desktop\MirandaX Ardena.lnk
[2009.02.28 17:32:48 | 000,585,824 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2009.02.28 17:32:48 | 000,006,812 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.01.20 13:46:09 | 000,018,944 | ---- | C] () -- C:\Windows\System32\wk32.dll
[2009.01.20 13:46:09 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ic32.dll
[2008.10.21 15:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\musicmaker.INI
[2008.10.21 15:29:43 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
[2008.10.21 15:28:28 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.10.20 22:54:36 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008.10.20 22:54:32 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.19 10:25:48 | 000,000,156 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.16 12:42:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.11 18:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.02.27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.14 09:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.14 09:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.03.19 01:18:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\LAME_ENC.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
         


2:

Code:
OTL Extras logfile created on: 20.05.2010 13:17:37 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 148,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,49 Gb Total Space | 31,82 Gb Free Space | 22,18% Space Free | Partition Type: NTFS
Drive D: | 5,56 Gb Total Space | 1,19 Gb Free Space | 21,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3000942581-1898625692-2028073255-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FC8FBC-9B04-41BD-A6FC-C517A59879C1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{19A1F7F5-ACA0-4C0B-8FFD-F0678F3E1877}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2516AD4D-4F81-4FBF-9CC0-DA02759D8EDC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29627B06-5F38-4326-9DE1-D67FA53FD36B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{309DF68F-2797-4282-B20F-83AFD6708153}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{36D087CE-DA58-4E2F-9F94-AA1C475F1523}" = lport=445 | protocol=6 | dir=in | app=system | 
"{383A886A-8BC4-41A6-918F-83747792550A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3DF09B63-2C6B-4B3B-A89A-6CF8C6E5AD1E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3E321B03-B7A4-4FC3-A56E-8E8AAC0FCAE1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{51E0FE64-4613-498A-B40E-8510FD81EDF9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5D8F8B27-8529-478B-A084-140173165905}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8A45A312-0233-47CF-B39F-5C114AE06A7A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99323CDA-8F54-4FAF-BD20-691EA9194E74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B44A8E2D-1012-485A-8AC2-030323B977D6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B98D175F-A06C-4947-A95F-96C90719F034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BB10988C-375C-4B95-9D2B-834C1AC6F4B8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C0B896A1-3E2F-462A-A45D-C2D61E1A8CA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D2CF96CD-49B5-4EE9-8CB7-9EE18A74CFE3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DDC76B43-C14C-4CBE-8ABD-11854D279CD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E05E27B2-C691-404E-8B1B-F39D83B67064}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E8616E8B-6E35-4093-A80F-2907664C62BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ECC97CD0-1483-4BD8-A506-D1B517EDD5AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED9CB15A-F78C-4370-9156-9F1D0D37C7B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EDB4E624-B3BC-4C4E-AC0F-6C554D0E4290}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F626D78C-A99D-4015-8DF8-6FC2F341712E}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0387AC48-C2DB-45D4-845C-1A18C12B56D4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{145F729F-23D4-4933-A44E-AF04539B4C60}" = protocol=17 | dir=in | app=c:\windows\system32\gdtmha.exe | 
"{15BD69C3-67E1-4B60-A1C3-E64DB3BD7846}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{171B6CC0-F5A8-4394-97AF-89BE9ADF3D6A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{23D8A70D-1754-4F70-A562-B724FD770F1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{35D796EB-5AF0-476E-9B14-A4B98211E4AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F5D35FB-3BA5-4F0A-A6A4-0C76D0A0DF05}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{58F64F76-E4DC-4220-A75A-37C6E6BA0B20}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{5A465820-D85C-40EE-B251-C34A7B89958B}" = protocol=6 | dir=out | app=system | 
"{78C8716E-2A31-47FC-BBA8-F75EB9A43D82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7AB92462-EC18-47A5-ACE4-B7277641BD08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7D6D94FB-220E-4978-BB9D-E37548181630}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7FE9D3A9-ADBE-4CC5-A0D0-A11B5DD299AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8586ED4D-3682-4A3D-86BB-D7CB433501A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{86FFF9C7-565B-4BCB-A71E-409AA77F5D9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88638F6E-7BE6-43F1-A750-F23329B39D96}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{8D0CE6A1-CDDC-4DA7-A3A5-0AE197681A15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{921A8D6E-A30F-45BF-A5CE-EB8578682AF0}" = protocol=17 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe | 
"{93F66AEA-554F-4DFA-971C-A7057D43A42F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{98462CAB-9C50-42F7-AD22-0D56C80B63C6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A5D61139-BB3E-446C-93A2-C7E6C0B9B9C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB3A8019-0B5B-47E5-B0AD-B14256D24F18}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{BDE85CFA-4D63-49A3-8D27-A9021777AB9D}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe | 
"{C1603D57-3309-4B55-913F-ED7DB660D00E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C2DEC678-AE86-431B-9E46-11EBB5294C7E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CC7E4D93-09F5-4323-87ED-7B4C033139DF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{D0F3D374-C354-4656-A58C-A25E3B1ECE47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5E050E7-7100-4611-8A76-CD8529DCC38B}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe | 
"{DC9DF05A-827B-4B1E-8BA9-05EA28EBAE5C}" = protocol=6 | dir=in | app=c:\windows\system32\gdtmha.exe | 
"{DDC1F1C7-2DCE-40A6-9D18-B12EEF4772D0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{E141D060-D1AA-437A-9810-3F477798B116}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8259C75-1313-41C5-9730-2418A3368921}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{E83955D5-37E8-423C-8444-80E1AD060421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EAF78552-5BB1-4F20-9213-4B830E69171C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{F8CFB086-8B6D-46F9-9181-BF883C6ED79E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F9E61770-9FC4-42FB-8569-A963171D2AA3}" = protocol=6 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe | 
"{FE99C951-8F9D-4042-A541-831104E1EE92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1106504B-E17F-4908-8EDB-44DB07F53CAA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{163C596C-9D77-4C5B-9841-5026C8B4E4D0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1C4A0B7A-A5A7-4B3F-A0B8-2BF15771EA1D}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{36DDEB0E-FFC3-4914-9997-280FFB3E5838}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"TCP Query User{38F2C8E3-7269-4EE0-8096-8CB3B624A04C}C:\program files\valve\steam\steamapps\user\half-life 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\user\half-life 2\hl2.exe | 
"TCP Query User{3E0AF754-A28E-4A10-AC5E-FBB9372C37E5}C:\program files\valve\steam\steamapps\user\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\user\counter-strike source\hl2.exe | 
"TCP Query User{48C48805-AC28-47A4-9F04-84AADDF68DE9}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{4FDDB66D-2697-40E3-8A4D-9E8DDDE0C9EE}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{53D97C4B-8B7D-4460-82FE-E0525F68D9C1}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=6 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe | 
"TCP Query User{65B6021F-C163-45FE-97BF-2889A5938248}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=6 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe | 
"TCP Query User{6D40EED0-FEE1-4BF3-9C90-BC2B2F4DC12A}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe | 
"TCP Query User{729E1527-5F53-4F19-9CE2-7D6B52867885}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{8ABB3576-7CF3-4AA0-97AB-3084C7166893}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{9E30D124-7A95-42FA-85ED-C1B94DF37DE2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{AA1E0E29-E86E-43E9-B9FF-098C44E997B8}C:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe | 
"TCP Query User{AAA68D7C-EC79-4304-8DD3-B9A5DB87A993}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{D22673E2-D601-47B6-88AE-3D847DC5795F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{F2B9C5BB-DA20-44CC-A56A-9564E69B9702}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{F83D6248-5891-47CD-91F8-EB23DD668DED}C:\program files\virtualdj\virtualdj.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj.exe | 
"TCP Query User{FFA43FB8-9175-4107-9E38-D704DACFA3FF}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe | 
"UDP Query User{0A687C76-C420-4462-89E7-29F4CB1E9FEC}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe | 
"UDP Query User{14F80362-7C38-4595-A8BB-C8985651E881}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{173450B4-FB43-42D6-A916-74B20DB89387}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=17 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe | 
"UDP Query User{21AC627F-1656-463D-89B6-0BB2D9A4FE9E}C:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe | 
"UDP Query User{255825EB-6AA8-4237-AAED-55C0E8AE38C9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{2A78EE9A-A57E-4138-A428-21410934A362}C:\program files\virtualdj\virtualdj.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj.exe | 
"UDP Query User{44D94F6F-E5B7-4AA0-BB7D-1A0D73438DF0}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{55543604-65CC-49CA-9A12-4D32A0402817}C:\program files\valve\steam\steamapps\user\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\user\counter-strike source\hl2.exe | 
"UDP Query User{64D90D3B-A50D-4B35-B18D-1B935DC94D89}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{6DF1271A-3E6F-469A-959A-66D55612926D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{7BD6EBA5-9306-4772-B49F-504C7664EB8F}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"UDP Query User{7CF7B097-EE80-4CC9-87B8-BE9FDEEC0980}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{84AFE84A-C77D-4AF5-B157-67C65BC86E8B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{8CCAD9E3-1068-4A37-BAA5-98DF37728A9B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9E16C989-D598-47D5-A7F1-93256C0CFDE9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{C052D4FE-07FC-475A-856B-FBB4BD81C7B2}C:\program files\valve\steam\steamapps\user\half-life 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\user\half-life 2\hl2.exe | 
"UDP Query User{C3E793EC-061A-48BE-8C14-8ACCB13F8512}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe | 
"UDP Query User{CA7D2BE3-38E2-4A87-9D47-6C6B8BFB00F2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{CC88A3E1-3335-40D5-A9F7-BD67ECBE1523}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CE9BE09B-EFF4-4EB7-A0D1-64DAC04B345C}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=17 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{131E6112-CC8A-4161-B8B2-49146B0A14BB}" = ESU for Microsoft Vista
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 D3
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{66381CF5-ECBB-4CB7-A7AF-C9767E4FDF24}" = Scratch Live 1.9.0 (19035)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"Collab" = Collab
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLV Player" = FLV Player 2.0 (build 25)
"Goodnight Timer_is1" = Goodnight Timer 1.1
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.4
"Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediacoderSE1.1" = MediacoderSE
"Messenger Plus! Live" = Messenger Plus! Live
"Miranda IM" = Miranda IM 0.8.23
"MirandaX Ardena" = MirandaX Ardena
"MixVibesDvs.exe" = MixVibes DVS uninstall
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NVIDIA Drivers" = NVIDIA Drivers
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2010 02:58:35 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.05.2010 02:58:40 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2010 03:07:52 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2010 03:17:08 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2010 03:17:08 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2010 03:05:19 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2010 03:05:19 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.05.2010 02:21:49 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.05.2010 02:21:49 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.05.2010 02:23:22 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 20.05.2010 02:25:49 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 20.05.2010 02:29:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.05.2010 02:29:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 20.05.2010 02:29:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 20.05.2010 02:29:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.05.2010 02:44:01 | Computer Name = User-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
 
< End of report >
         



Regards,
Christian
__________________

Old 20.05.2010, 19:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0363f4e1-e9ee-11dd-986e-001b2413b344}\Shell - "" = AutoRun
O33 - MountPoints2\{24933c40-f9da-11de-a30b-001b2413b344}\Shell - "" = AutoRun
O33 - MountPoints2\{a0751f9e-f915-11de-b5d2-001b2413b344}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
[2010.04.27 10:57:34 | 000,002,168 | ---- | M] () -- C:\Windows\System32\Ahmbed.gz
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes button!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
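The fix above hands OTL a list of report lines to remove. The following is an added example (not part of cosinus's post and not OTL's own code) that parses the kinds of OTL report lines the fix targets, states why each one is flagged, and assembles the :OTL / :Commands block in the layout OTL's Custom Scan/Fixes box expects. The sample lines are constructed from the entries quoted above plus one ordinary O4 Avira entry the parser should ignore; the regexes are assumptions about OTL's line layout drawn from those quoted lines.

```python
import re

# Constructed sample input (assumption): the entries cosinus placed in the :OTL fix
# above, plus one ordinary O4 Avira autostart entry that the parser should ignore.
SAMPLE_OTL_LINES = """\
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\\{0363f4e1-e9ee-11dd-986e-001b2413b344}\\Shell - "" = AutoRun
O33 - MountPoints2\\{24933c40-f9da-11de-a30b-001b2413b344}\\Shell - "" = AutoRun
O33 - MountPoints2\\{a0751f9e-f915-11de-b5d2-001b2413b344}\\Shell\\AutoRun\\command - "" = F:\\Get_Started_for_Win.exe -- File not found
O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
[2010.04.27 10:57:34 | 000,002,168 | ---- | M] () -- C:\\Windows\\System32\\Ahmbed.gz
@Alternate Data Stream - 229 bytes -> C:\\ProgramData\\TEMP:8FF81EB0
@Alternate Data Stream - 115 bytes -> C:\\ProgramData\\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\\ProgramData\\TEMP:DFC5A2B2
"""

# Line layouts below are assumptions drawn from the report lines quoted in this thread.
O32_RE = re.compile(r'^O32 - AutoRun File - \[(?P<meta>[^\]]*)\] \(\) - (?P<path>.+?) -- \[')
O33_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\(?P<subkey>.+?) - "" = (?P<value>.*)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$')
FILE_RE = re.compile(r'^\[(?P<meta>[^\]]*)\] \(\) -- (?P<path>.+)$')


def triage_line(line):
    """Classify one OTL report line; return a finding dict or None if it is not of interest."""
    m = O33_RE.match(line)
    if m:
        subkey, value = m.group('subkey'), m.group('value')
        # A per-drive Shell default of "AutoRun", or an explicit Shell\AutoRun\command,
        # makes double-clicking the drive run whatever the handler points to.
        if value.split(' -- ')[0] != 'AutoRun' and 'AutoRun' not in subkey.split('\\'):
            return None
        reason = 'MountPoints2 AutoRun handler for drive {%s}' % m.group('guid')
        if value.endswith('-- File not found'):
            reason += ' (target missing; the stale handler is still removed)'
        return {'kind': 'mountpoint_autorun', 'line': line, 'reason': reason}
    m = O32_RE.match(line)
    if m:
        attrs = m.group('meta').split(' | ')[2]          # e.g. -HS- = hidden + system
        reason = 'autorun file %s with attributes %s' % (m.group('path'), attrs)
        return {'kind': 'autorun_file', 'line': line, 'reason': reason}
    m = ADS_RE.match(line)
    if m:
        reason = '%s-byte alternate data stream %s hidden on %s' % (
            m.group('size'), m.group('stream'), m.group('path'))
        return {'kind': 'ads', 'line': line, 'reason': reason}
    m = FILE_RE.match(line)
    if m:
        # Bare file lines are reported for analyst review, not judged automatically.
        return {'kind': 'file', 'line': line, 'reason': 'file listed for review: %s' % m.group('path')}
    return None


def triage(text):
    """Walk an OTL report; return (findings in report order, number of ignored lines)."""
    findings, ignored = [], 0
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        finding = triage_line(line)
        if finding is None:
            ignored += 1
        else:
            findings.append(finding)
    return findings, ignored


def build_fix_script(text):
    """Assemble the :OTL / :Commands block in the layout OTL's Custom Scan/Fixes box expects."""
    findings, _ = triage(text)
    lines = [':OTL'] + [f['line'] for f in findings]
    lines += [':Commands', '[purity]', '[resethosts]', '[emptytemp]']
    return '\n'.join(lines)


if __name__ == '__main__':
    for finding in triage(SAMPLE_OTL_LINES)[0]:
        print('%-20s %s' % (finding['kind'], finding['reason']))
    print()
    print(build_fix_script(SAMPLE_OTL_LINES))
```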

Old 20.05.2010, 20:24   #5
Chris1190

So, I did everything cosinus said, and after the restart OTL produced the following log:

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.5.0 log created on 05202010_211616
All processes killed

OTL by OldTimer - Version 3.2.5.0 log created on 05202010_211616

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

However, the problem persists.


Old 20.05.2010, 20:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Did you copy the colons too?? Especially for ":Commands" and ":OTL:"

Old 20.05.2010, 20:36   #7
Chris1190

Yes, I copied it one to one.
However, I had manually closed the "affected" svchost.exe beforehand.
Could that be where the error lies?
Unfortunately I have no prior knowledge in this area.
But thanks already for the expert help!

Old 20.05.2010, 20:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Of course you must not change anything on the system like that...
Please stop killing processes, OTL can do that itself!

Old 20.05.2010, 20:43   #9
Chris1190

Oh I see, then it is clear why that did not work.
I will repeat the whole thing again right away.

Regards
Christian

Old 20.05.2010, 21:21   #10
Chris1190

I have now run the whole thing once more and received the following log:

All processes killed
========== OTL ==========
File D:\AUTOMODE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0363f4e1-e9ee-11dd-986e-001b2413b344}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0363f4e1-e9ee-11dd-986e-001b2413b344}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24933c40-f9da-11de-a30b-001b2413b344}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24933c40-f9da-11de-a30b-001b2413b344}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0751f9e-f915-11de-b5d2-001b2413b344}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0751f9e-f915-11de-b5d2-001b2413b344}\ not found.
File F:\Get_Started_for_Win.exe not found.
File C:\Windows\System32\Ahmbed.gz not found.
Unable to delete ADS C:\ProgramData\TEMP:8FF81EB0 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 33188 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524745 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05202010_221241

Files\Folders moved on Reboot...
C:\Windows\temp\TMP000000244F699012E6E71BCF moved successfully.

Registry entries deleted on Reboot...

However, nothing has changed as far as the problem is concerned.

Regards,
Christian

Old 21.05.2010, 09:51   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
However, nothing has changed as far as the problem is concerned.
Nobody said the problem would be gone after that...
Please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Old 21.05.2010, 13:57   #12
Chris1190

Carried out all the steps and finally received the following log from ComboFix:

Code:
ATTFilter
ComboFix 10-05-20.A1 - User 21.05.2010  14:15:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.958.443 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\User\AppData\Roaming\Desktopicon
c:\windows\system32\AbaleZip.dll
c:\windows\system32\ic32.dll
c:\windows\system32\wk32.dll
D:\resycled

.
(((((((((((((((((((((((   Dateien erstellt von 2010-04-21 bis 2010-05-21  ))))))))))))))))))))))))))))))
.

2010-05-21 12:05 . 2010-05-21 12:05	--------	d-----w-	c:\program files\CCleaner
2010-05-20 19:11 . 2010-05-20 19:11	--------	d-----w-	C:\_OTL
2010-05-20 11:07 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 11:07 . 2010-05-20 11:07	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-20 11:07 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-13 09:30 . 1998-10-29 14:45	306688	----a-w-	c:\windows\IsUninst.exe
2010-05-13 09:28 . 2010-05-13 09:28	--------	d-----w-	c:\program files\Steinberg
2010-05-11 21:04 . 2010-05-11 21:04	--------	d-----w-	c:\program files\Conduit
2010-05-11 21:04 . 2010-05-11 21:04	--------	d-----w-	c:\program files\softonic-de3
2010-05-11 21:04 . 2010-03-16 09:42	52224	----a-w-	c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
2010-05-11 21:04 . 2010-03-16 09:42	101376	----a-w-	c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
2010-05-11 21:04 . 2010-05-11 21:04	--------	d-----w-	c:\program files\Goodnight Timer
2010-05-06 10:56 . 2010-05-06 10:56	--------	d-----w-	c:\program files\Valve
2010-05-05 07:54 . 2010-04-12 15:29	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-27 10:31 . 2010-04-27 10:31	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-04-27 10:30 . 2010-04-27 10:30	--------	d-----w-	c:\users\User\AppData\Local\AOL
2010-04-27 10:28 . 2010-04-28 06:16	--------	d-----w-	c:\program files\ICQ7.1
2010-04-27 10:17 . 2010-04-27 10:18	--------	d-----w-	c:\program files\MirandaX Plus 2.5

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 11:32 . 2010-04-11 19:58	--------	d-----w-	c:\users\User\AppData\Roaming\vlc
2010-05-20 08:03 . 2006-11-02 15:33	641344	----a-w-	c:\windows\system32\perfh007.dat
2010-05-20 08:03 . 2006-11-02 15:33	116706	----a-w-	c:\windows\system32\perfc007.dat
2010-05-19 21:40 . 2005-12-31 23:51	248624	----a-w-	c:\users\User\AppData\Roaming\nvModes.dat
2010-05-19 20:44 . 2008-09-23 20:10	--------	d-----w-	c:\users\User\AppData\Roaming\ICQ
2010-05-13 09:29 . 2008-10-21 12:59	--------	d-----w-	c:\program files\VstPlugins
2010-05-12 19:12 . 2009-03-30 19:54	--------	d-----w-	c:\users\User\AppData\Roaming\IrfanView
2010-05-06 08:36 . 2010-01-21 14:14	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-05 07:54 . 2006-01-01 11:13	--------	d-----w-	c:\program files\Java
2010-05-02 07:50 . 2008-09-23 20:06	--------	d-----w-	c:\program files\Opera
2010-04-27 10:31 . 2006-01-01 09:52	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-27 10:30 . 2008-09-23 20:10	--------	d-----w-	c:\programdata\ICQ
2010-04-27 10:09 . 2006-01-01 03:35	91864	----a-w-	c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-27 08:57 . 2009-02-02 17:28	--------	d-----w-	c:\program files\MirandaX Ardena
2010-04-18 17:46 . 2010-04-18 17:42	--------	d-----w-	c:\program files\MediacoderSE
2010-04-10 23:25 . 2008-12-26 18:17	--------	d-----w-	c:\users\User\AppData\Roaming\dvdcss
2010-04-02 07:49 . 2006-01-01 11:13	--------	d-----w-	c:\program files\Common Files\Java
2010-03-28 09:34 . 2010-03-28 09:34	--------	d-----w-	c:\users\User\AppData\Roaming\Avira
2010-03-24 16:18 . 2010-03-24 16:18	--------	d-----w-	c:\program files\MSECache
2010-03-24 15:01 . 2009-01-20 11:27	--------	d-----w-	c:\program files\Miranda IM
2010-03-06 13:16 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-03-05 13:40 . 2010-03-05 13:40	1808896	----a-w-	c:\windows\system32\NlsLexicons0046.dll
2010-03-05 13:39 . 2010-03-05 13:39	9892864	----a-w-	c:\windows\system32\NlsLexicons000a.dll
2010-03-05 13:36 . 2010-03-05 13:36	61440	----a-w-	c:\windows\system32\ntprint.exe
2010-03-01 07:05 . 2009-07-06 10:15	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-03-17 13:45	2355224	----a-w-	c:\program files\softonic-de3\tbsoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Valve\Steam\\Steam.exe" [2004-09-29 1208320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-10-20 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows scvhost
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winwce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57	153136	----a-w-	c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Miranda IM"=c:\program files\MirandaX Ardena\MirandaX-Ardena.exe
"Uniblue RegistryBooster 2"=c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3000942581-1898625692-2028073255-1000]
"EnableNotificationsRef"=dword:00000001

R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 29184]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vdgxhb1s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-21 14:42
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-21  14:49:03
ComboFix-quarantined-files.txt  2010-05-21 12:48

Vor Suchlauf: 13 Verzeichnis(se), 33.407.164.416 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 33.387.155.456 Bytes frei

- - End Of File - - 8E0B3885A886A95B5E4E94E843FDFFA4
         
Regards
Christian

Old 21.05.2010, 15:20   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
c:\users\user\appdata\local\opera\opera\temporary_downloads\keygen.regcure.1.5.0.0.exe
OK, unfortunately this is where it ends...

The use of cracks, serials and keygens is illegal, so there is no further support on the Trojaner-Board.

For you, it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this dubious software quite often contains keyloggers and backdoor functions as well.

After that, never touch anything like that again!

Old 21.05.2010, 17:55   #14
Chris1190

Well, too bad.
Even though I did not knowingly use the software.
Fine, then the laptop will just have to go.
Thanks anyway for the help.

Regards
Christian
