
Pests of All Kinds and How to Fight Them: Windows services not working, no Internet connection possible

28.09.2010, 23:23   #1
an123
 
Windows services not working, no Internet connection possible



Good evening,

I would like to ask for advice on solving the following problems, which have been present on my desktop PC since this morning:

-the system boots extremely slowly
-an Internet connection cannot be established
-many Windows services cannot be started, e.g. Network and Sharing Center, Windows Firewall, Windows Update, etc.
-System Restore is not possible

I have carried out the following measures so far:

-Full system scan with Avira AntiVir Personal: nothing found!
-cmd.exe with sfc /scannow: no integrity violation found!
-Ran HijackThis, OTL and GMER; logs follow.
-System Restore with various restore points failed.

I would be very grateful for help and instructions on solving the problem.
Kind regards

Code:
OTL logfile created on: 28.09.2010 23:24:05 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688,54 Gb Total Space | 543,48 Gb Free Space | 78,93% Space Free | Partition Type: NTFS
Drive D: | 10,10 Gb Total Space | 1,38 Gb Free Space | 13,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PcdrNdisuio) -- C:\Windows\System32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (acedrv11) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HCW85BDA) -- C:\WINDOWS\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (RtNdPt60) -- C:\WINDOWS\System32\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (PDNMp50) -- C:\WINDOWS\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\WINDOWS\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\System32\drivers\w810bus.sys (MCCI)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.26 22:22:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 15:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 15:11:58 | 000,000,000 | ---D | M]
 
[2009.11.05 18:49:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.27 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions
[2010.05.07 15:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.07 15:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions\firebug@software.joehewitt.com
[2010.08.30 11:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.05 20:54:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.30 11:33:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.03.17 17:43:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.17 17:43:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.17 17:43:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.17 17:43:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.17 17:43:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} hxxp://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Peggle/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab (PopCapLoader Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.12 22:03:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell - "" = AutoRun
O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.28 23:07:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.09.28 23:07:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.09.26 09:40:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver
[2010.09.26 09:40:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ScreeNet iSaver
[2010.09.15 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bewerbungen
[2010.09.15 14:18:59 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.15 10:49:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ARBEITSPLATZ
[2010.09.10 09:46:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\button
[2010.09.09 11:54:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\german
[2010.09.01 13:45:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\alice
[2010.08.31 19:09:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Nikon
[2010.08.31 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Applause and Laugher
[2010.08.31 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ambience
[2010.08.31 19:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\vhosts
[2010.08.30 11:33:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.30 11:33:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.30 11:33:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.01.16 19:58:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.28 23:08:19 | 003,145,728 | ---- | M] () -- C:\Users\***\ntuser.dat
[2010.09.28 23:00:23 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.28 23:00:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.28 23:00:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.28 23:00:17 | 3218,350,080 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 22:59:26 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{43f5bba8-01e0-11df-81a8-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.09.28 22:59:26 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{43f5bba8-01e0-11df-81a8-806e6f6e6963}.TM.blf
[2010.09.28 22:59:22 | 003,195,306 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.28 16:27:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.09.28 12:21:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.09.27 22:37:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.27 10:00:30 | 000,010,498 | ---- | M] () -- C:\Users\***\Documents\aachener_briefdl.docx
[2010.09.27 09:58:39 | 000,011,138 | ---- | M] () -- C:\Users\***\Documents\aachener_kabelanschluss.docx
[2010.09.26 18:05:36 | 000,014,848 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.25 14:28:56 | 005,621,767 | ---- | M] () -- C:\Users\***\Documents\reference-brochure-2010.pdf
[2010.09.22 14:02:03 | 000,010,394 | ---- | M] () -- C:\Users\***\Documents\jobcenter_briefdl.docx
[2010.09.17 09:26:10 | 000,011,136 | ---- | M] () -- C:\Users\***\Documents\betriebskosten2.docx
[2010.09.16 16:55:23 | 000,670,286 | ---- | M] () -- C:\Users\***\Desktop\auszug.jpg
[2010.09.16 16:00:36 | 000,016,765 | ---- | M] () -- C:\Users\***\Documents\anwalt_ebay.docx
[2010.09.16 07:48:30 | 000,658,433 | ---- | M] () -- C:\Users\***\Desktop\Scannen0001.jpg
[2010.09.15 23:09:40 | 000,016,748 | ---- | M] () -- C:\Users\***\Documents\anwalt_ebay2.docx
[2010.09.15 17:18:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdy.DAT
[2010.09.15 16:48:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\Sports
[2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\Speech Enhancer
[2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\Smooth Strings
[2010.09.14 18:34:37 | 000,001,802 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.09.13 07:48:08 | 001,230,477 | ---- | M] () -- C:\Users\***\Desktop\Bewerbungsfoto.JPG
[2010.09.13 06:57:38 | 000,011,668 | ---- | M] () -- C:\Users\***\Documents\bewerbungen.docx
[2010.09.12 19:26:28 | 000,001,456 | ---- | M] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.09.12 15:34:50 | 000,415,767 | ---- | M] () -- C:\Users\***\Documents\lebenslauf.pdf
[2010.09.09 17:17:35 | 000,000,111 | ---- | M] () -- C:\Windows\telephon.ini
[2010.09.06 15:19:47 | 000,010,332 | ---- | M] () -- C:\Users\***\Documents\jobcenter_briefc6.docx
[2010.09.06 15:02:25 | 000,011,054 | ---- | M] () -- C:\Users\***\Documents\betriebskosten.docx
[2010.08.31 19:09:41 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2010.08.31 19:08:25 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Super Strings
[2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\String Comparison
[2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\Stingers
[2010.08.31 19:08:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2010.08.31 19:08:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2010.08.31 19:08:12 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Strings
[2010.08.31 19:08:12 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\StatusSheet
[2010.08.31 10:43:08 | 000,011,611 | ---- | M] () -- C:\Users\***\Documents\Barbara Ullman1.docx  jobcenter.docx
[2010.08.30 16:44:15 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.27 09:59:09 | 000,010,498 | ---- | C] () -- C:\Users\***\Documents\aachener_briefdl.docx
[2010.09.27 09:58:38 | 000,011,138 | ---- | C] () -- C:\Users\***\Documents\aachener_kabelanschluss.docx
[2010.09.25 14:28:56 | 005,621,767 | ---- | C] () -- C:\Users\***\Documents\reference-brochure-2010.pdf
[2010.09.22 14:02:02 | 000,010,394 | ---- | C] () -- C:\Users\***\Documents\jobcenter_briefdl.docx
[2010.09.17 09:18:42 | 000,011,136 | ---- | C] () -- C:\Users\***\Documents\betriebskosten2.docx
[2010.09.16 16:50:56 | 000,670,286 | ---- | C] () -- C:\Users\***\Desktop\auszug.jpg
[2010.09.15 19:27:22 | 000,016,748 | ---- | C] () -- C:\Users\***\Documents\anwalt_ebay2.docx
[2010.09.15 16:48:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\Speech Enhancer
[2010.09.15 16:48:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\Smooth Strings
[2010.09.13 07:46:51 | 001,230,477 | ---- | C] () -- C:\Users\***\Desktop\Bewerbungsfoto.JPG
[2010.09.13 06:57:37 | 000,011,668 | ---- | C] () -- C:\Users\***\Documents\bewerbungen.docx
[2010.09.12 21:55:09 | 000,658,433 | ---- | C] () -- C:\Users\***\Desktop\Scannen0001.jpg
[2010.09.12 15:34:50 | 000,415,767 | ---- | C] () -- C:\Users\***\Documents\lebenslauf.pdf
[2010.09.11 20:26:20 | 000,016,765 | ---- | C] () -- C:\Users\***\Documents\anwalt_ebay.docx
[2010.09.09 17:17:35 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini
[2010.09.09 13:31:05 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.09.06 15:19:47 | 000,010,332 | ---- | C] () -- C:\Users\***\Documents\jobcenter_briefc6.docx
[2010.09.06 14:58:38 | 000,011,054 | ---- | C] () -- C:\Users\***\Documents\betriebskosten.docx
[2010.08.31 19:08:25 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings
[2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\String Comparison
[2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Stingers
[2010.08.31 19:08:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.08.31 19:08:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.08.31 19:08:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings
[2010.08.31 19:08:12 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\StatusSheet
[2010.08.31 19:08:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.08.31 10:37:01 | 000,011,611 | ---- | C] () -- C:\Users\***\Documents\Barbara Ullman1.docx  jobcenter.docx
[2010.08.03 11:33:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Stingers
[2010.08.03 11:33:03 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Standard Tool
[2010.08.03 11:31:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010.07.15 17:53:23 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.07.15 17:53:23 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sports
[2010.07.15 17:51:37 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool
[2010.07.15 17:51:37 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Specifications
[2010.07.15 17:51:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.05.31 22:09:07 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2009.06.03 18:29:18 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI
[2009.06.03 18:13:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.06.03 18:12:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.05.27 18:01:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.14 18:19:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TMContainer00000000000000000002.regtrans-ms
[2009.05.14 18:19:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TMContainer00000000000000000001.regtrans-ms
[2009.05.14 18:19:42 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2009.05.14 18:19:42 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TM.blf
[2009.05.14 18:19:42 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2009.05.14 18:19:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2009.01.16 19:59:31 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log
[2009.01.16 19:58:41 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2009.01.16 19:58:41 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2009.01.16 19:58:41 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2008.10.02 13:09:05 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.06.28 13:25:24 | 000,014,848 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.28 20:33:48 | 000,001,802 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.05.09 09:32:50 | 001,869,020 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2008.05.08 20:42:41 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.03.25 17:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008.03.04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2007.12.12 21:57:56 | 000,002,963 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007.12.12 21:54:34 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007.12.12 21:54:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007.12.12 21:42:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007.12.12 21:42:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.10.31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007.05.17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.07.01 15:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.24 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2009.06.03 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2009.04.13 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2010.07.15 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2009.10.18 11:21:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.06.03 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2010.01.19 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.09.26 09:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver
[2008.05.28 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpinTop
[2010.05.26 22:49:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.03.24 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2008.06.27 17:32:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teleca
[2008.05.28 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.06.02 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thies Gerken
[2009.03.24 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.07.31 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2008.05.08 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2010.09.27 22:37:16 | 000,032,534 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B8AF0F0F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E35A81F4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D2C51E3D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1AE68282
< End of report >
         
Code:
OTL Extras logfile created on: 28.09.2010 23:24:05 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688,54 Gb Total Space | 543,48 Gb Free Space | 78,93% Space Free | Partition Type: NTFS
Drive D: | 10,10 Gb Total Space | 1,38 Gb Free Space | 13,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1847F71B-2FAE-4FA4-A9EA-402D785F118C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{209ED1EA-0DD5-458F-B625-29201437CE6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{30C59CD1-F4DA-4E73-80B3-ED7E2E01CAAA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3D8D576E-8758-41A0-8075-56F0447E0041}" = lport=138 | protocol=17 | dir=in | app=system | 
"{437F064F-55AE-4543-9DB0-3975E5B0F77A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4A4A2B59-3A7F-4831-895F-769F42048831}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{57183347-21B1-49DF-BA54-8DA509C21606}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{70D704E5-A243-41A1-B092-CECA0B69C1E3}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface | 
"{75FDF4DC-C985-4C49-83A7-23F76FFAA1FF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9417C674-250C-4967-BCAF-F55EAA9BA8AF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CE522DAC-0132-42EE-A728-44A39CA88840}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DB994D2F-5A32-4B54-8547-A21F66FB2D1E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E02479E2-D8A7-4326-BE2B-25B7EB70DF1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AC8A79A-98DC-41DE-9FA9-43B4F87A2587}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{229B094F-9640-4758-B638-995FC1268B37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{2CB2AF92-330E-4080-B3D4-59B695F53FB3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5C381146-2D0C-4159-9A94-7DB34B872FBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7091A608-9F5F-464B-8495-5DF58EE15F79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4AAAC66-B600-4908-A69D-80A2B8C15F41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B3E9C747-5864-462B-ACCE-73308A195ACA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B421620D-3E2D-4D40-A4B5-0243942BA896}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E7303157-170E-4F15-9FA3-6B428E5BD533}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{1FF98999-3102-45EA-9000-F1B543E06DA1}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=6 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe | 
"TCP Query User{518B6B35-B335-45FD-96BC-C2B3D426FD65}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | 
"TCP Query User{AC35CBA3-2129-466B-8A0F-6B2CB9B0CD5F}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=6 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe | 
"UDP Query User{0CEA07D4-498B-4094-9148-10ED5FC113BB}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=17 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe | 
"UDP Query User{D4A09DE1-D33D-4782-A20A-0F74710C3F6D}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | 
"UDP Query User{D4B50DB5-E490-491A-8DD2-4728D80C0046}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=17 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4a1789a1-33fd-427e-9027-dec4d7fe8fa5}" = D2500
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c6d55c99-0700-44f6-8c46-3a0a14ee3d4c}" = D2500_Help
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAC36425-4266-4DE4-9CB5-68FB4FB9385A}" = CalMAN Pattern Generator
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.4.1
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25180)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"TuneUp Utilities" = TuneUp Utilities
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:38:52, on 28.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Users\***\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - hxxp://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Peggle/Images/armhelper.ocx
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7194 bytes
         
Code:
GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2010-09-28 22:52:49
Windows 6.0.6002 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

PAGE            spsys.sys!?SPVersion@@3PADA + 1ABF                                                                   9F06D03F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B2F                                                                   9F06D0AF 1 Byte  [16]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B2F                                                                   9F06D0AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 1BB0                                                                   9F06D130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE            spsys.sys!?SPVersion@@3PADA + 1BB7                                                                   9F06D137 2298 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE            ...                                                                                                  

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                [747C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                 [7481A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]             [747CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]       [747BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                 [747C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]              [747BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [747F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]     [747CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]             [747BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]              [747BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]               [747B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]       [7484CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]          [747EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]             [747BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                       [747B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                      [747B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]         [747C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat              0xDA 0x95 0xA4 0x5D ...

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM                                                             (size mismatch) 12877824/3932160 bytes
File            C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl                                 (size mismatch) 98848/98696 bytes
File            C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl                                   (size mismatch) 700720/699928 bytes
File            C:\WINDOWS\System32\LogFiles\WUDF\WUDFTrace.etl                                                      (size mismatch) 36864/24576 bytes
File            C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.002                                               (size mismatch) 770048/655360 bytes

---- EOF - GMER 1.0.15 ----
         

29.09.2010, 10:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell - "" = AutoRun
O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B8AF0F0F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E35A81F4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D2C51E3D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1AE68282
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

29.09.2010, 11:47   #3
an123

Hello Arne,

first of all, many thanks for your reply and the instructions; below is the log file after the fix.

Regards

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.
File L:\LaunchU3.exe not found.
ADS C:\ProgramData\TEMP:B8AF0F0F deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:E35A81F4 deleted successfully.
ADS C:\ProgramData\TEMP:D2C51E3D deleted successfully.
ADS C:\ProgramData\TEMP:1AE68282 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 52322720 bytes
->Java cache emptied: 89371265 bytes
->FireFox cache emptied: 117422020 bytes
->Flash cache emptied: 395145 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 827661 bytes
RecycleBin emptied: 82648851 bytes
 
Total Files Cleaned = 327,00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 09292010_123309

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

29.09.2010, 13:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

29.09.2010, 15:07   #5
an123

Hello Arne,

many thanks. Here is the ComboFix log file.

Code:
ATTFilter
ComboFix 10-09-28.03 - *** 29.09.2010  15:33:39.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.2444 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\inst.exe
c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.ComfyCakesSave-ms.pif
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-28 bis 2010-09-29  ))))))))))))))))))))))))))))))
.

2010-09-29 13:43 . 2010-09-29 13:43	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-09-29 13:43 . 2010-09-29 13:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-29 13:19 . 2010-09-29 13:19	--------	d-----w-	c:\program files\CCleaner
2010-09-29 10:33 . 2010-09-29 10:33	--------	d-----w-	C:\_OTL
2010-09-26 07:40 . 2010-09-26 07:40	--------	d-----w-	c:\users\***\AppData\Roaming\ScreeNet iSaver
2010-09-26 07:40 . 2010-09-26 07:40	--------	d-----w-	c:\users\***\AppData\Local\ScreeNet iSaver
2010-09-17 09:32 . 2010-09-17 09:32	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-15 12:19 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-15 12:19 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 12:18 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-15 12:18 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-08-31 17:09 . 2010-08-31 17:09	--------	d-----w-	c:\users\***\AppData\Local\Nikon
2010-08-31 17:08 . 2010-08-31 17:08	--------	d-----w-	c:\programdata\Applause and Laugher
2010-08-31 17:08 . 2010-08-31 17:08	--------	d-----w-	c:\programdata\Ambience
2010-08-31 17:08 . 2010-08-31 17:08	--------	d-----w-	c:\programdata\vhosts

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 23:15 . 2009-07-11 12:54	--------	d-----w-	c:\users\***\AppData\Roaming\FileZilla
2010-09-28 10:05 . 2008-10-02 11:23	--------	d-----w-	c:\programdata\FLEXnet
2010-09-26 08:44 . 2007-12-12 19:53	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-15 15:18 . 2010-07-15 15:52	--------	d-----w-	c:\program files\Common Files\Nikon
2010-09-15 15:18 . 2010-07-15 15:52	--------	d-----w-	c:\program files\Nikon
2010-09-15 15:18 . 2010-08-03 09:31	20	---h--w-	c:\programdata\PKP_DLdy.DAT
2010-09-15 14:48 . 2010-07-15 15:53	0	---h--w-	c:\programdata\PKP_DLdw.DAT
2010-09-15 12:22 . 2009-01-19 15:46	--------	d-----w-	c:\programdata\Microsoft Help
2010-09-15 12:20 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-14 16:34 . 2008-05-28 18:33	1802	----a-w-	c:\users\***\AppData\Roaming\wklnhst.dat
2010-09-09 15:17 . 2007-12-12 20:12	--------	d-----w-	c:\program files\Alice
2010-09-04 17:48 . 2009-11-08 01:11	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-08-31 17:11 . 2010-07-15 15:52	--------	d-----w-	c:\programdata\Nikon
2010-08-31 17:09 . 2010-08-31 17:08	20	---h--w-	c:\programdata\PKP_DLet.DAT
2010-08-31 17:08 . 2010-07-15 15:54	57344	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-08-31 17:08 . 2010-08-31 17:08	20	---h--w-	c:\programdata\PKP_DLev.DAT
2010-08-31 17:08 . 2010-08-31 17:08	20	---h--w-	c:\programdata\PKP_DLes.DAT
2010-08-31 17:08 . 2010-07-15 15:51	--------	d-----w-	c:\programdata\Ultima_T15
2010-08-31 17:08 . 2010-07-15 15:51	--------	d-----w-	c:\programdata\EnterNHelp
2010-08-30 14:44 . 2010-07-15 15:51	20	---h--w-	c:\programdata\PKP_DLdu.DAT
2010-08-30 09:33 . 2007-12-12 20:04	--------	d-----w-	c:\program files\Java
2010-08-11 19:43 . 2007-12-12 20:05	--------	d-----w-	c:\program files\Microsoft Works
2010-08-09 22:23 . 2010-08-09 22:23	39323536	----a-w-	c:\users\***\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\14998\S-CCPRO_-271WU-___DE-32BIT_.exe
2010-08-09 22:18 . 2010-07-15 15:55	49152	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-08-09 22:18 . 2010-08-09 22:18	335872	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-08-03 09:33 . 2010-08-03 09:33	--------	d-----w-	c:\programdata\Vocal Transformer
2010-07-31 14:04 . 2009-01-16 17:58	47360	----a-w-	c:\users\***\AppData\Roaming\pcouffin.sys
2010-07-31 14:04 . 2009-01-16 17:58	47360	----a-w-	c:\users\***\AppData\Roaming\pcouffin.sys
2010-07-31 14:04 . 2009-01-16 17:58	--------	d-----w-	c:\users\***\AppData\Roaming\Vso
2010-07-17 03:00 . 2010-05-05 18:54	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-12 10:33 . 2010-07-12 10:32	197688	----a-w-	c:\users\***\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc
2010-07-12 10:33 . 2010-07-12 10:32	148512	----a-w-	c:\users\***\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC
2007-12-13 04:15 . 2007-12-13 04:02	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Nikon Message Center 2"=c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe -s
"Nikon Transfer Monitor"=c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-09-13 28160]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-10 1051976]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://alice.aol.de/
mStart Page = hxxp://alice.aol.de
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ajscmj5.default\
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\ProtectDisc\License Helper\NPPDLicenseHelper.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-29 15:43
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-09-29  15:48:19
ComboFix-quarantined-files.txt  2010-09-29 13:48

Vor Suchlauf: 7 Verzeichnis(se), 583.698.137.088 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 583.619.571.712 Bytes frei

- - End Of File - - 66E999D1EE65E0557355155932E23A6C
         


30.09.2010, 11:58   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically look for malicious changes in the MBR.
Then please post whether there are changes and, if so, on which device. Ideally post everything that remover.exe outputs.
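An added Python example, not part of the original thread and not the bootkit remover's own logic, showing how an MBR check of this kind can work on a raw 512-byte dump of sector 0: only the 440 boot-code bytes are hashed, so the per-disk signature and partition table do not affect the comparison with a reference set. The sample sectors, the reference hash set and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: executable boot code
DISK_SIG_OFF = 440       # bytes 440..443: Windows NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # bytes 510..511 must be 55 AA
ENTRY_FMT = "<B3xB3xII"  # status, (CHS), type, (CHS), LBA start, sector count


def load_dump(path):
    """Read sector 0 from a dump file produced by a disk imaging tool."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "status": status, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "boot_code_empty": not any(boot_code),
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def assess(sector, known_good):
    """Return (verdict, warnings) for one sector against reference hashes."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "no valid MBR", ["missing 55 AA boot signature"]
    warnings = []
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        warnings.append("more than one active partition")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            warnings.append("slot %d: invalid status byte 0x%02x"
                            % (p["slot"], p["status"]))
    if info["boot_code_empty"]:
        return "no boot code", warnings
    if info["boot_code_sha256"] in known_good:
        return "known boot code", warnings
    # "Unknown" only means "not in the reference set": OEM recovery loaders
    # and third-party boot managers land here as well as bootkits.
    return "unknown boot code", warnings


def build_sample_mbr(boot_code, disk_sig, entries):
    """Construct a synthetic sector for the demonstration below."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *entry)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample data: placeholder bytes, not a real boot loader.
REFERENCE_CODE = b"REFERENCE-LOADER" * 8
MODIFIED_CODE = bytearray(REFERENCE_CODE)
MODIFIED_CODE[5] ^= 0xFF  # a single changed byte in the boot code

REFERENCE = build_sample_mbr(REFERENCE_CODE, 0x11111111,
                             [(0x80, 0x07, 2048, 1000000)])
OTHER_DISK = build_sample_mbr(REFERENCE_CODE, 0x22222222,
                              [(0x80, 0x07, 63, 500000)])
PATCHED = build_sample_mbr(bytes(MODIFIED_CODE), 0x11111111,
                           [(0x80, 0x07, 2048, 1000000)])
KNOWN_GOOD = {parse_mbr(REFERENCE)["boot_code_sha256"]}

if __name__ == "__main__":
    for name, sector in (("other disk", OTHER_DISK), ("patched", PATCHED)):
        print(name, assess(sector, KNOWN_GOOD))
```
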

30.09.2010, 12:39   #7
an123

Hello Arne,

GMER crashed on 2 attempts, and for OSAM I cannot run the online malware scanner because no Internet connection is possible from my desktop (see problem description). Are there other alternatives to these tools for my case, and should I run the Bootkit Remover anyway?

Many thanks and regards

30.09.2010, 15:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please cancel the online scan in OSAM. I only need the log file.

30.09.2010, 16:31   #9
an123

Hello Arne,

here is the Bootkit Remover output:

698 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


and the OSAM log file

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:05:49 on 30.09.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PCDRNDISUIO Usermode I/O Protocol" (PcdrNdisuio) - ? - C:\Windows\System32\DRIVERS\pcdrndisuio.sys  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - ? -   (File not found | COM-object registry key not found)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
{4C39376E-FA9D-4349-BACC-D305C1750EF3} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "PopCapLoader Object" - ? - C:\Windows\Downloaded Program Files\popcaploader.dll  (File not found) / hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab
{149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\Windows\DOWNLO~1\stg_drm.ocx / file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} "{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}" - ? -   (File not found | COM-object registry key not found) / hxxp://dl.tvunetworks.com/TVUAx.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{CC450D71-CC90-424C-8638-1F2DBAC87A54} "{CC450D71-CC90-424C-8638-1F2DBAC87A54}" - ? -   (File not found | COM-object registry key not found) / file:///C:/Program%20Files/Peggle/Images/armhelper.ocx
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
<binary data> "Contribute Toolbar" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Regards and many thanks

Alt 30.09.2010, 17:20   #10
cosinus

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 30.09.2010, 17:40   #11
an123
 

Hello Arne,

here is the file from MBRCheck.exe

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	ASUSTeK Computer INC.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		HP-Pavilion
System Product Name:		KJ253AA-ABD a6355.de
Logical Drives Mask:		0x000007bc

Kernel Drivers (total 142):
  0x82C0A000 \SystemRoot\system32\ntkrnlpa.exe
  0x82FC3000 \SystemRoot\system32\hal.dll
  0x8040A000 \SystemRoot\system32\kdcom.dll
  0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80481000 \SystemRoot\system32\PSHED.dll
  0x80492000 \SystemRoot\system32\BOOTVID.dll
  0x8049A000 \SystemRoot\system32\CLFS.SYS
  0x804DB000 \SystemRoot\system32\CI.dll
  0x80602000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068B000 \SystemRoot\system32\drivers\acpi.sys
  0x806D1000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806DA000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E2000 \SystemRoot\system32\drivers\pci.sys
  0x80709000 \SystemRoot\System32\drivers\partmgr.sys
  0x80718000 \SystemRoot\system32\drivers\volmgr.sys
  0x80727000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80771000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8320F000 \SystemRoot\system32\drivers\iastor.sys
  0x832D6000 \SystemRoot\system32\drivers\fltmgr.sys
  0x83308000 \SystemRoot\system32\drivers\fileinfo.sys
  0x83318000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x83322000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AE09000 \SystemRoot\system32\drivers\ndis.sys
  0x8AF14000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AF3F000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B000000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B0EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B202000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B312000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B34B000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B353000 \SystemRoot\System32\Drivers\mup.sys
  0x8B362000 \SystemRoot\System32\drivers\ecache.sys
  0x8B389000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B3BB000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8B3D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8B3DC000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8B3E5000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F60E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8EE0C000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8EEAD000 \SystemRoot\System32\drivers\watchdog.sys
  0x8EEB9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8EEC4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8EF02000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8EF11000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F000000 \SystemRoot\system32\drivers\HCW85BDA.sys
  0x8F114000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x8F117000 \SystemRoot\system32\drivers\ks.sys
  0x8F141000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8F15B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8F16B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8F179000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F191000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0x8F197000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8EF9E000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F1C6000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F1D1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F1E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8B1CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8EFDF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8FDEA000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8AF7A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8EFEE000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F1F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8EE00000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F1FE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F600000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8B3F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8B1EF000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8AF8F000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8AFC4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90200000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x83393000 \SystemRoot\system32\drivers\portcls.sys
  0x8AFD5000 \SystemRoot\system32\drivers\drmk.sys
  0x903F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8AE00000 \SystemRoot\System32\Drivers\Null.SYS
  0x833C0000 \SystemRoot\System32\Drivers\Beep.SYS
  0x833E3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x833EA000 \SystemRoot\System32\drivers\vga.sys
  0x80781000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x833F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x83200000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x833C7000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x833D2000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x807A2000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x807AB000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x807C1000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90402000 \SystemRoot\system32\drivers\afd.sys
  0x9044A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x9047C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90492000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x904A0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x904B3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x904B9000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x904F5000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x904FF000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90516000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90538000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8B105000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x90545000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9055A000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x97EA0000 \SystemRoot\System32\win32k.sys
  0x9055C000 \SystemRoot\System32\drivers\Dxapi.sys
  0x90566000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9057D000 \SystemRoot\system32\DRIVERS\netr73.sys
  0x8B3C4000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x807D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x807E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x807EE000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x805BB000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x980C0000 \SystemRoot\System32\TSDDD.dll
  0x980E0000 \SystemRoot\System32\ATMFD.DLL
  0x805CA000 \SystemRoot\system32\drivers\luafv.sys
  0x805E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x98130000 \SystemRoot\System32\cdd.dll
  0x8200D000 \SystemRoot\system32\drivers\spsys.sys
  0x820BD000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x820CD000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x820F7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x82101000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x82114000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
  0x82120000 \SystemRoot\system32\drivers\HTTP.sys
  0x8218D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x821AA000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x821C3000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x821D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA0C01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA0C3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA0C52000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA0C79000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA0CC7000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0xA0D0A000 \SystemRoot\system32\drivers\peauth.sys
  0xA0DE8000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA0DF2000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA1E04000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA1E19000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA1E2B000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
  0xA1E2C000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA1E42000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA1E6A000 \SystemRoot\system32\drivers\MSPQM.sys
  0x77C80000 \WINDOWS\System32\ntdll.dll

Processes (total 46):
       0 System Idle Process
       4 System
     488 C:\WINDOWS\System32\smss.exe
     556 csrss.exe
     612 C:\WINDOWS\System32\wininit.exe
     624 csrss.exe
     656 C:\WINDOWS\System32\services.exe
     668 C:\WINDOWS\System32\lsass.exe
     680 C:\WINDOWS\System32\lsm.exe
     824 C:\WINDOWS\System32\svchost.exe
     920 C:\WINDOWS\System32\svchost.exe
    1020 C:\WINDOWS\System32\svchost.exe
    1056 C:\WINDOWS\System32\svchost.exe
    1068 C:\WINDOWS\System32\svchost.exe
    1128 C:\WINDOWS\System32\audiodg.exe
    1152 C:\WINDOWS\System32\winlogon.exe
    1192 C:\WINDOWS\System32\svchost.exe
    1208 C:\WINDOWS\System32\SLsvc.exe
    1260 C:\WINDOWS\System32\svchost.exe
    1652 C:\WINDOWS\explorer.exe
    1732 C:\WINDOWS\System32\dwm.exe
    1816 C:\WINDOWS\System32\svchost.exe
     248 C:\Program Files\Avira\AntiVir Desktop\sched.exe
     312 C:\WINDOWS\System32\svchost.exe
    1308 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1436 C:\WINDOWS\System32\svchost.exe
    1548 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1220 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1348 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1724 C:\WINDOWS\System32\svchost.exe
    1800 C:\WINDOWS\System32\svchost.exe
    1708 C:\WINDOWS\System32\svchost.exe
    1388 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
     432 WUDFHost.exe
    1544 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    2648 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2660 C:\WINDOWS\System32\rundll32.exe
    2688 WmiPrvSE.exe
    3888 C:\WINDOWS\System32\wbem\WMIADAP.exe
    3992 C:\WINDOWS\ehome\ehsched.exe
    4012 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4060 C:\WINDOWS\ehome\ehrecvr.exe
    3340 dllhost.exe
    3020 dllhost.exe
    3252 C:\Users\***\Desktop\MBRCheck.exe
    3796 C:\WINDOWS\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ac`227ab600  (NTFS)

PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.CHN   

      Size  Device Name          MBR Status
  --------------------------------------------
    698 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
         
Many thanks and regards

Alt 30.09.2010, 17:50   #12
cosinus

Take a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD).
Click Repair your computer, Next, Command Prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first.

Alt 30.09.2010, 18:25   #13
an123
 

Hello Arne,

I did it as you described, but unfortunately there is no improvement.

Kind regards

Alt 30.09.2010, 19:10   #14
cosinus

Please make a new log with MBRCheck; I need to check whether a different checksum of the MBR is shown now.
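The before/after comparison requested in the post above, as an added example that is not part of the original thread: a parser for the MBRCheck log format shown on this page that reports whether the MBR SHA1 changed between two runs and which kernel drivers differ, matching drivers by path because their load addresses change on every boot. Both sample logs are constructed excerpts; the second SHA1 and the missing driver are made-up values, and `parse_mbrcheck` and `compare_runs` are names chosen here.

```python
import re

DRIVERS_HDR = re.compile(r"^Kernel Drivers \(total (\d+)\):")
DRIVER_LINE = re.compile(r"^\s*0x[0-9A-Fa-f]{8}\s+(\S.*?)\s*$")
DISK_LINE = re.compile(r"^\s*\d+\s+[KMGT]B\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_LINE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


def parse_mbrcheck(text):
    """Extract the driver set and the per-disk MBR status/SHA1 from one log."""
    log = {"declared": None, "drivers": set(), "disks": {}}
    in_drivers, disk = False, None
    for line in text.splitlines():
        hdr = DRIVERS_HDR.match(line)
        if hdr:
            log["declared"] = int(hdr.group(1))
            in_drivers = True
            continue
        if in_drivers:
            drv = DRIVER_LINE.match(line)
            if drv:
                # Compare by path only: the address column differs per boot.
                log["drivers"].add(drv.group(1).lower())
                continue
            in_drivers = False  # first non-driver line ends the section
        dsk = DISK_LINE.match(line)
        if dsk:
            disk = dsk.group(1)
            log["disks"][disk] = {"status": dsk.group(2), "sha1": None}
            continue
        sha = SHA1_LINE.match(line)
        if sha and disk:
            log["disks"][disk]["sha1"] = sha.group(1).upper()
    # A pasted log cut short shows up as declared total != parsed entries.
    log["truncated"] = log["declared"] != len(log["drivers"])
    return log


def compare_runs(before, after):
    """Diff two MBRCheck logs taken before and after a repair attempt."""
    b, a = parse_mbrcheck(before), parse_mbrcheck(after)
    report = {
        "drivers_gone": sorted(b["drivers"] - a["drivers"]),
        "drivers_new": sorted(a["drivers"] - b["drivers"]),
        "incomplete": b["truncated"] or a["truncated"],
        "mbr": {},
    }
    for disk in sorted(set(b["disks"]) | set(a["disks"])):
        old, new = b["disks"].get(disk), a["disks"].get(disk)
        if not old or not new or not old["sha1"] or not new["sha1"]:
            report["mbr"][disk] = "no comparison possible"
        elif old["sha1"] == new["sha1"]:
            report["mbr"][disk] = "MBR code unchanged"
        else:
            report["mbr"][disk] = "MBR code rewritten"
    return report


# Constructed excerpt in the layout of the first log on this page.
BEFORE = r"""MBRCheck, version 1.2.3

Kernel Drivers (total 4):
  0x82C0A000 \SystemRoot\system32\ntkrnlpa.exe
  0x82FC3000 \SystemRoot\system32\hal.dll
  0xA0CC7000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0xA1E42000 \SystemRoot\System32\Drivers\fastfat.SYS

Processes (total 2):
       0 System Idle Process
       4 System

      Size  Device Name          MBR Status
  --------------------------------------------
    698 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
"""

# Constructed second run: new load addresses, one driver absent, made-up SHA1.
AFTER = r"""MBRCheck, version 1.2.3

Kernel Drivers (total 3):
  0x82C18000 \SystemRoot\system32\ntkrnlpa.exe
  0x82FD1000 \SystemRoot\system32\hal.dll
  0xA0CD3000 \??\C:\Windows\system32\drivers\acedrv11.sys

      Size  Device Name          MBR Status
  --------------------------------------------
    698 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 0123456789ABCDEF0123456789ABCDEF01234567
"""

if __name__ == "__main__":
    for key, value in compare_runs(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

An identical SHA1 in both runs means MBRCheck read the same boot code before and after the repair attempt.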

Alt 30.09.2010, 19:25   #15
an123
 

Hello Arne,

here is the new MBRCheck log file

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	ASUSTeK Computer INC.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		HP-Pavilion
System Product Name:		KJ253AA-ABD a6355.de
Logical Drives Mask:		0x000007bc

Kernel Drivers (total 141):
  0x82C18000 \SystemRoot\system32\ntkrnlpa.exe
  0x82FD1000 \SystemRoot\system32\hal.dll
  0x80404000 \SystemRoot\system32\kdcom.dll
  0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047B000 \SystemRoot\system32\PSHED.dll
  0x8048C000 \SystemRoot\system32\BOOTVID.dll
  0x80494000 \SystemRoot\system32\CLFS.SYS
  0x804D5000 \SystemRoot\system32\CI.dll
  0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068E000 \SystemRoot\system32\drivers\acpi.sys
  0x806D4000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806DD000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E5000 \SystemRoot\system32\drivers\pci.sys
  0x8070C000 \SystemRoot\System32\drivers\partmgr.sys
  0x8071B000 \SystemRoot\system32\drivers\volmgr.sys
  0x8072A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80774000 \SystemRoot\System32\drivers\mountmgr.sys
  0x83201000 \SystemRoot\system32\drivers\iastor.sys
  0x832C8000 \SystemRoot\system32\drivers\fltmgr.sys
  0x832FA000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8330A000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x83314000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AE09000 \SystemRoot\system32\drivers\ndis.sys
  0x8AF14000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AF3F000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B007000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B0F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B20A000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B31A000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B353000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B35B000 \SystemRoot\System32\Drivers\mup.sys
  0x8B36A000 \SystemRoot\System32\drivers\ecache.sys
  0x8B391000 \SystemRoot\system32\drivers\disk.sys
  0x8B3A2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B3C3000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8B3D9000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8B3E4000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8B3ED000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8EC0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8F40F000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F4B0000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F4BC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8F4C7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F505000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F514000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F60B000 \SystemRoot\system32\drivers\HCW85BDA.sys
  0x8F71F000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x8F722000 \SystemRoot\system32\drivers\ks.sys
  0x8F74C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8F766000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8F776000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8F784000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F79C000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0x8F7A2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F5A1000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F7D1000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F7DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F7F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8B1D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F5E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F3E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8AF7A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8AF8F000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F5F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F7FE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F400000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8EC00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8AF9F000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8AFAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8AFE1000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90000000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x83385000 \SystemRoot\system32\drivers\portcls.sys
  0x833B2000 \SystemRoot\system32\drivers\drmk.sys
  0x901F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8B200000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B1F6000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8AFF2000 \SystemRoot\System32\drivers\vga.sys
  0x833D7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8AE00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x833F8000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x80784000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8078F000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8079D000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x807A6000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x807BC000 \SystemRoot\system32\DRIVERS\smb.sys
  0x805B5000 \SystemRoot\system32\drivers\afd.sys
  0x90200000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90232000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90248000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90256000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90269000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x9026F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x902AB000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x902B5000 \SystemRoot\System32\Drivers\dfsc.sys
  0x902CC000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x902EE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x90305000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x90307000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90310000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x90320000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x90329000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x90331000 \SystemRoot\system32\DRIVERS\netr73.sys
  0x903B1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x903C6000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8B10C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x966A0000 \SystemRoot\System32\win32k.sys
  0x903D3000 \SystemRoot\System32\drivers\Dxapi.sys
  0x903DD000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x968C0000 \SystemRoot\System32\TSDDD.dll
  0x968E0000 \SystemRoot\System32\ATMFD.DLL
  0x807D0000 \SystemRoot\system32\drivers\luafv.sys
  0x807EB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x96930000 \SystemRoot\System32\cdd.dll
  0x9E60A000 \SystemRoot\system32\drivers\spsys.sys
  0x9E6BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9E6CA000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9E6F4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9E6FE000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9E711000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
  0x9E71D000 \SystemRoot\system32\drivers\HTTP.sys
  0x9E78A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9E7A7000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9E7C0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9E7D5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA0C0D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA0C46000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA0C5E000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA0C85000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA0CD3000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0xA0D16000 \SystemRoot\system32\drivers\peauth.sys
  0xA0DF4000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA0C00000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA1E04000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA1E19000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA1E2B000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
  0xA1E2C000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA1E42000 \SystemRoot\system32\drivers\MSPQM.sys
  0x77820000 \WINDOWS\System32\ntdll.dll

Processes (total 44):
       0 System Idle Process
       4 System
     468 C:\WINDOWS\System32\smss.exe
     544 csrss.exe
     592 C:\WINDOWS\System32\wininit.exe
     604 csrss.exe
     636 C:\WINDOWS\System32\services.exe
     648 C:\WINDOWS\System32\lsass.exe
     660 C:\WINDOWS\System32\lsm.exe
     820 C:\WINDOWS\System32\svchost.exe
     916 C:\WINDOWS\System32\svchost.exe
    1008 C:\WINDOWS\System32\svchost.exe
    1040 C:\WINDOWS\System32\svchost.exe
    1052 C:\WINDOWS\System32\svchost.exe
    1116 C:\WINDOWS\System32\audiodg.exe
    1152 C:\WINDOWS\System32\winlogon.exe
    1168 C:\WINDOWS\System32\svchost.exe
    1192 C:\WINDOWS\System32\SLsvc.exe
    1252 C:\WINDOWS\System32\svchost.exe
    1636 C:\WINDOWS\explorer.exe
    1720 C:\WINDOWS\System32\dwm.exe
    1792 C:\WINDOWS\System32\svchost.exe
     244 C:\Program Files\Avira\AntiVir Desktop\sched.exe
     288 C:\WINDOWS\System32\svchost.exe
    1276 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1440 C:\WINDOWS\System32\svchost.exe
    1432 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     708 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1632 C:\WINDOWS\System32\svchost.exe
    1852 C:\WINDOWS\System32\svchost.exe
    1384 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    1944 WUDFHost.exe
     484 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    2468 C:\WINDOWS\System32\rundll32.exe
    2476 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3200 C:\WINDOWS\ehome\ehsched.exe
    3244 C:\WINDOWS\ehome\ehrecvr.exe
    3264 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5600 WmiPrvSE.exe
     632 dllhost.exe
    4036 dllhost.exe
    1668 C:\Users\***\Desktop\MBRCheck.exe
     972 C:\WINDOWS\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ac`227ab600  (NTFS)

PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.CHN   

      Size  Device Name          MBR Status
  --------------------------------------------
    698 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         
Many thanks and regards
