
Log analysis and evaluation: Trojan; PC slow & multiple advertising pages

30.12.2010, 10:29   #1
PinkLady87
 

Hello PC experts,
for about a week I have been having problems with my computer. I have already tried to solve the problems on my own, but there is still malware and threats on my PC. They are even increasing daily. I ran the log file with HijackThis and hope that you can help me.

Logfile:
"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [samrwnxoce.exe] "C:\Users\User\AppData\Local\Temp\samrwnxoce.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [{98B98829-5639-B249-A44D-AED3E16222E5}] C:\Users\User\AppData\Roaming\Uxukz\roda.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = scc.uni-weimar.de,scc.uni-weimar.de,scc.uni-weimar.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = scc.uni-weimar.de,scc.uni-weimar.de,scc.uni-weimar.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = scc.uni-weimar.de,scc.uni-weimar.de,scc.uni-weimar.de
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

--
End of file - 5769 bytes"

Hopefully I won't have to reinstall the PC, since I am just about to take my exams and urgently need the PC.

Many thanks for every reply
Happy holidays and a happy New Year
PinkLady87

30.12.2010, 10:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

30.12.2010, 18:17   #3
PinkLady87
 

Hello Arne,
I followed your advice and am curious to see what the evaluation will bring.

Malwarebytes log file:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.12.2010 19:02:31
mbam-log-2010-12-30 (19-02-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 266513
Laufzeit: 2 Stunde(n), 14 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{98B98829-5639-B249-A44D-AED3E16222E5} (Trojan.ZbotR.Gen) -> Value: {98B98829-5639-B249-A44D-AED3E16222E5} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.


OTL shows the following result:

OTL Logfile:
Code:
OTL Extras logfile created on: 30.12.2010 17:23:19 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\User\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 158,00 Mb Available Physical Memory | 16,00% Memory free
2,00 Gb Paging File | 0,00 Gb Available in Paging File | 25,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 43,51 Gb Free Space | 58,46% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK-01 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{4037A2B9-A976-4538-8B08-A0D95B637F35}" = C5100
"{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-8001-0410-0002-0060B0CE6BBA}" = AutoCAD 2010 - Italiano
"{5783F2D7-8001-0410-1002-0060B0CE6BBA}" = Language Pack di AutoCAD 2010 - Italiano
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"001FFF1FFF13FF00FF0201F00F02F000-R1" = ArchiCAD 13 GER
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"AutoCAD 2010 - Italiano" = AutoCAD 2010 - Italiano
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"JustVoip_is1" = JustVoip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2010 08:00:02 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 08:20:14 | Computer Name = Notebook-01 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Iq2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d131a20  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005206e  ID des fehlerhaften Prozesses:
 0x1c4  Startzeit der fehlerhaften Anwendung: 0x01cba686af08e9ee  Pfad der fehlerhaften
 Anwendung: C:\Users\User\AppData\Local\Temp\Iq2.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d22c4c46-127c-11e0-89ac-a0253ee3fedf
 
Error - 28.12.2010 10:58:00 | Computer Name = Notebook-01 | Source = MsiInstaller | ID = 11721
Description = 
 
Error - 28.12.2010 11:02:05 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 11:02:05 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 12:38:38 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 12:38:48 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 15:14:03 | Computer Name = Notebook-01 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\pc
 tools security\networklayer\PCTCFFix64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2010 15:14:42 | Computer Name = Notebook-01 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.12.2010 22:34:18 | Computer Name = Notebook-01 | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 9.0.0.20 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 970    Startzeit: 
01cba7c97decf604    Endzeit: 240    Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

Berichts-ID:
 357fe0de-13bd-11e0-8d5f-c8a50d2f7dcb  
 
[ System Events ]
Error - 28.12.2010 19:34:27 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.12.2010 05:57:11 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 29.12.2010 05:57:11 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 29.12.2010 06:03:39 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.12.2010 06:05:00 | Computer Name = Notebook-01 | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 29.12.2010 06:41:17 | Computer Name = Notebook-01 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?12.?2010 um 11:40:03 unerwartet heruntergefahren.
 
Error - 29.12.2010 06:41:51 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.12.2010 22:19:35 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst seclogon erreicht.
 
Error - 29.12.2010 22:21:07 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 30.12.2010 11:27:19 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 30.12.2010 17:23:19 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\User\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 158,00 Mb Available Physical Memory | 16,00% Memory free
2,00 Gb Paging File | 0,00 Gb Available in Paging File | 25,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 43,51 Gb Free Space | 58,46% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK-01 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\PC Tools Security\smum32.dll (PC Tools)
MOD - C:\Programme\PC Tools Security\PCTGMhk.dll (PC Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sdCoreService) -- C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AVFSFilter) -- C:\Windows\System32\DRIVERS\avfsfilter.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) QuickCam for Notebooks Deluxe(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 02 67 B1 8B 2A CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [samrwnxoce.exe] C:\Users\User\AppData\Local\Temp\samrwnxoce.exe File not found
O4 - HKCU..\Run: [{98B98829-5639-B249-A44D-AED3E16222E5}] C:\Users\User\AppData\Roaming\Uxukz\roda.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.30 16:42:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010.12.30 16:41:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.30 16:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.30 16:41:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.30 16:41:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.29 11:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2010.12.29 11:44:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PackageAware
[2010.12.29 00:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Loaris
[2010.12.28 19:46:28 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.28 19:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.28 17:32:45 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010.12.28 17:32:45 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010.12.28 17:32:44 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.12.28 17:32:44 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.12.28 17:32:38 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.12.28 17:32:38 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.12.28 17:32:23 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security
[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PC Tools
[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.12.28 17:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.28 17:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.12.28 16:49:11 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.12.28 16:49:10 | 000,000,000 | ---D | C] -- C:\rsit
[2010.12.28 14:08:32 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.12.28 14:08:32 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.12.28 14:08:13 | 000,000,000 | ---D | C] -- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010.12.28 14:08:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.12.24 08:03:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.24 06:29:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Xaaf
[2010.12.24 06:29:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Igob
[2010.12.24 06:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\9F1C676233C775510E833F542C2F41B7
[2010.12.24 06:16:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.12.19 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\fotos mamoir
[2010.12.15 10:23:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.15 10:22:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 10:22:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 10:22:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 10:22:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 10:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 10:22:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 10:22:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 10:22:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 10:22:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 10:22:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 10:22:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 10:22:41 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 10:22:41 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 10:22:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 10:22:41 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.12.15 10:22:38 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 10:22:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 10:22:37 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010.12.15 10:22:35 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 10:19:36 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.10 08:29:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.12.08 10:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010.12.08 10:33:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HP
[2010.12.08 10:33:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\HP
[2010.12.08 10:14:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2010.12.08 10:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010.12.08 10:09:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Hewlett-Packard
[2010.12.08 10:09:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HP
[2010.12.08 10:07:43 | 000,000,000 | ---D | C] -- C:\Programme\HP
[2010.12.08 10:07:42 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010.12.08 10:06:00 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2010.12.06 18:55:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\blocchi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.30 17:01:05 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.30 16:38:04 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.30 16:36:53 | 000,014,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.30 16:36:52 | 000,014,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.30 16:27:14 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\YUAQRYUPD.job
[2010.12.30 16:26:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.30 16:26:33 | 798,564,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.29 11:52:07 | 001,024,890 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010.12.27 17:25:56 | 002,213,760 | ---- | M] () -- C:\Users\User\Desktop\Schlussabgabe Bar.3dm
[2010.12.23 22:33:01 | 000,061,440 | RHS- | M] () -- C:\Windows\System32\nltestv.dll
[2010.12.23 21:10:37 | 000,108,806 | ---- | M] () -- C:\Users\User\Desktop\bar2.jpg
[2010.12.23 21:04:38 | 000,618,820 | ---- | M] () -- C:\Users\User\Desktop\bar.jpg
[2010.12.23 10:48:17 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.23 10:48:17 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.23 10:48:17 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.23 10:48:17 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.22 15:22:51 | 008,474,271 | ---- | M] () -- C:\Users\User\Desktop\Standort + Module.dwg
[2010.12.22 08:49:35 | 017,427,268 | ---- | M] () -- C:\Users\User\Desktop\schwarzplan Fernitz.dwg
[2010.12.22 08:49:15 | 005,276,274 | ---- | M] () -- C:\Users\User\Desktop\Modul 2.zwischkr..dwg
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.20 08:19:54 | 000,000,162 | -H-- | M] () -- C:\Users\User\Desktop\~$uklimatik teil1.doc
[2010.12.15 17:48:17 | 001,826,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.13 17:19:49 | 000,000,170 | ---- | M] () -- C:\Users\User\Documents\acad.err
[2010.12.11 20:28:39 | 000,007,600 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2010.12.08 11:08:33 | 001,794,560 | ---- | M] () -- C:\Users\User\Desktop\bauklimatik teil1.doc
[2010.12.08 11:04:46 | 000,888,532 | ---- | M] () -- C:\Users\User\Desktop\windböen.gif
[2010.12.08 10:33:51 | 000,226,736 | ---- | M] () -- C:\Windows\hpoins18.dat
[2010.12.07 12:41:46 | 000,348,654 | ---- | M] () -- C:\Users\User\Desktop\otto bock ps_20090616_sciencecenter_startschuss.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.28 17:32:50 | 001,024,890 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010.12.27 22:25:12 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.27 13:29:51 | 002,213,760 | ---- | C] () -- C:\Users\User\Desktop\Schlussabgabe Bar.3dm
[2010.12.23 22:33:06 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.23 22:33:01 | 000,061,440 | RHS- | C] () -- C:\Windows\System32\nltestv.dll
[2010.12.23 22:33:01 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\YUAQRYUPD.job
[2010.12.23 21:10:46 | 000,108,806 | ---- | C] () -- C:\Users\User\Desktop\bar2.jpg
[2010.12.23 21:08:51 | 000,618,820 | ---- | C] () -- C:\Users\User\Desktop\bar.jpg
[2010.12.20 08:19:54 | 000,000,162 | -H-- | C] () -- C:\Users\User\Desktop\~$uklimatik teil1.doc
[2010.12.16 10:28:45 | 005,276,274 | ---- | C] () -- C:\Users\User\Desktop\Modul 2.zwischkr..dwg
[2010.12.13 17:19:49 | 000,000,170 | ---- | C] () -- C:\Users\User\Documents\acad.err
[2010.12.11 20:28:39 | 000,007,600 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2010.12.08 11:05:48 | 000,888,532 | ---- | C] () -- C:\Users\User\Desktop\windböen.gif
[2010.12.08 10:06:36 | 000,226,736 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.12.08 10:06:36 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.12.07 12:41:45 | 000,348,654 | ---- | C] () -- C:\Users\User\Desktop\otto bock ps_20090616_sciencecenter_startschuss.pdf
[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\QSwitch.txt
[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\DSwitch.txt
[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\AtStart.txt
[2010.11.03 05:57:22 | 000,003,949 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.09.08 23:45:59 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
[2009.10.23 19:59:27 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009.09.01 00:11:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.04.17 08:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---



It would be really great if you could make sense of all this data and spot the problems. You may also need to know that I have Windows 7.

PS: SpyHunter shows about 40 threats... oh dear

I wish you a nice evening, and I am addressing all PC experts once again: if you recognize the threats or can tell me what I can delete in the HijackThis logfile, I would be extremely grateful.

Best regards
PinkLady

Alt 30.12.2010, 18:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
DRV - (AVFSFilter) -- C:\Windows\System32\DRIVERS\avfsfilter.sys File not found
O4 - HKLM..\Run: [samrwnxoce.exe] C:\Users\User\AppData\Local\Temp\samrwnxoce.exe File not found
O4 - HKCU..\Run: [{98B98829-5639-B249-A44D-AED3E16222E5}] C:\Users\User\AppData\Roaming\Uxukz\roda.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
[2010.12.29 11:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2010.12.28 17:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.28 14:08:32 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.12.28 14:08:13 | 000,000,000 | ---D | C] -- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010.12.24 06:29:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Xaaf
[2010.12.24 06:29:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Igob
[2010.12.24 06:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\9F1C676233C775510E833F542C2F41B7
[2010.12.30 16:27:14 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\YUAQRYUPD.job
[2010.12.11 20:28:39 | 000,007,600 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


30.12.2010, 18:38   #5
PinkLady87
 



I just got some more news. One of my spyware programs - Spyware Doctor - has just happened to spit out some new information.

4 threats and 22 infections

- trackware.tracking cockies!rem (5 infections)
- adware.advertising (6 infections)
- application.trackingCookies (10 infections)
- Spyware.trustyhound!rem (1 infection)

How can I heal my PC again???

Best regards
pinklady87


30.12.2010, 19:08   #6
PinkLady87
 



Hello there

I hope I've done everything correctly now. I'm sending you the logfile from OTL.

Best regards
pinklady87

Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.12.2010 19:57:43 - Run 2> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\User\Downloads> in the current context!
Error: Unable to interpret < Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.7600.16385)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <1.015,00 Mb Total Physical Memory | 382,00 Mb Available Physical Memory | 38,00% Memory free> in the current context!
Error: Unable to interpret <2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 74,43 Gb Total Space | 43,39 Gb Free Space | 58,29% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: NOTEBOOK-01 | User Name: User | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)> in the current context!
Error: Unable to interpret <PRC - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - (sdCoreService) -- C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools)> in the current context!
Error: Unable to interpret <SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)> in the current context!
Error: Unable to interpret <SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)> in the current context!
Error: Unable to interpret <SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (sdAuxService) -- C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools)> in the current context!
Error: Unable to interpret <SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)> in the current context!
Error: Unable to interpret <SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)> in the current context!
Error: Unable to interpret <SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - (AVFSFilter) -- C:\Windows\System32\DRIVERS\avfsfilter.sys File not found> in the current context!
Error: Unable to interpret <DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)> in the current context!
Error: Unable to interpret <DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)> in the current context!
Error: Unable to interpret <DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)> in the current context!
Error: Unable to interpret <DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()> in the current context!
Error: Unable to interpret <DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (LVUVC) QuickCam for Notebooks Deluxe(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)> in the current context!
Error: Unable to interpret <DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)> in the current context!
Error: Unable to interpret <DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)> in the current context!
Error: Unable to interpret <DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)> in the current context!
Error: Unable to interpret <DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)> in the current context!
Error: Unable to interpret <DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)> in the current context!
Error: Unable to interpret <DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)> in the current context!
Error: Unable to interpret <DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)> in the current context!
Error: Unable to interpret <DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)> in the current context!
Error: Unable to interpret <DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)> in the current context!
Error: Unable to interpret <DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)> in the current context!
Error: Unable to interpret <DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)> in the current context!
Error: Unable to interpret <DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)> in the current context!
Error: Unable to interpret <DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)> in the current context!
Error: Unable to interpret <DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)> in the current context!
Error: Unable to interpret <DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)> in the current context!
Error: Unable to interpret <DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)> in the current context!
Error: Unable to interpret <DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)> in the current context!
Error: Unable to interpret <DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)> in the current context!
Error: Unable to interpret <DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)> in the current context!
Error: Unable to interpret <DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)> in the current context!
Error: Unable to interpret <DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)> in the current context!
Error: Unable to interpret <DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)> in the current context!
Error: Unable to interpret <DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)> in the current context!
Error: Unable to interpret <DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)> in the current context!
Error: Unable to interpret <DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)> in the current context!
Error: Unable to interpret <DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)> in the current context!
Error: Unable to interpret <DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)> in the current context!
Error: Unable to interpret <DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)> in the current context!
Error: Unable to interpret <DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)> in the current context!
Error: Unable to interpret <DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)> in the current context!
Error: Unable to interpret <DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)> in the current context!
Error: Unable to interpret <DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)> in the current context!
Error: Unable to interpret <DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)> in the current context!
Error: Unable to interpret <DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)> in the current context!
Error: Unable to interpret <DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)> in the current context!
Error: Unable to interpret <DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)> in the current context!
Error: Unable to interpret <DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)> in the current context!
Error: Unable to interpret <DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)> in the current context!
Error: Unable to interpret <DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)> in the current context!
Error: Unable to interpret <DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)> in the current context!
Error: Unable to interpret <DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)> in the current context!
Error: Unable to interpret <DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)> in the current context!
Error: Unable to interpret <DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)> in the current context!
Error: Unable to interpret <DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)> in the current context!
Error: Unable to interpret <DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)> in the current context!
Error: Unable to interpret <DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)> in the current context!
Error: Unable to interpret <DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)> in the current context!
Error: Unable to interpret <DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)> in the current context!
Error: Unable to interpret <DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)> in the current context!
Error: Unable to interpret <DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)> in the current context!
Error: Unable to interpret <DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 02 67 B1 8B 2A CA 01  [binary data]> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [samrwnxoce.exe] C:\Users\User\AppData\Local\Temp\samrwnxoce.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [{98B98829-5639-B249-A44D-AED3E16222E5}] C:\Users\User\AppData\Roaming\Uxukz\roda.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) -  File not found> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.12.30 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\VIREN KACK> in the current context!
Error: Unable to interpret <[2010.12.30 16:42:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes> in the current context!
Error: Unable to interpret <[2010.12.30 16:41:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys> in the current context!
Error: Unable to interpret <[2010.12.30 16:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes> in the current context!
Error: Unable to interpret <[2010.12.30 16:41:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[2010.12.30 16:41:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <[2010.12.29 11:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\clp> in the current context!
Error: Unable to interpret <[2010.12.29 11:44:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PackageAware> in the current context!
Error: Unable to interpret <[2010.12.29 00:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Loaris> in the current context!
Error: Unable to interpret <[2010.12.28 19:46:28 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy> in the current context!
Error: Unable to interpret <[2010.12.28 19:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy> in the current context!
Error: Unable to interpret <[2010.12.28 17:32:45 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys> in the current context!
Error: Unable to interpret <[2010.12.28 17:32:45 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys> in the current context!
Error: Unable to interpret <[2010.12.28 17:32:44 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys> in the current context!
Error: Unable to interpret <[2010.12.28 17:32:44 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys> in the current context!
Error: Unable to interpret <[2010.12.28 17:32:38 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys> in the current context!
Error: Unable to interpret <[2010.12.28 17:32:38 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys> in the current context!
Error: Unable to interpret <[2010.12.28 17:32:23 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys> in the current context!
Error: Unable to interpret <[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security> in the current context!
Error: Unable to interpret <[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PC Tools> in the current context!
Error: Unable to interpret <[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools> in the current context!
Error: Unable to interpret <[2010.12.28 17:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP> in the current context!
Error: Unable to interpret <[2010.12.28 17:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools> in the current context!
Error: Unable to interpret <[2010.12.28 16:49:11 | 000,000,000 | ---D | C] -- C:\Programme\trend micro> in the current context!
Error: Unable to interpret <[2010.12.28 16:49:10 | 000,000,000 | ---D | C] -- C:\rsit> in the current context!
Error: Unable to interpret <[2010.12.28 14:08:32 | 000,000,000 | ---D | C] -- C:\sh4ldr> in the current context!
Error: Unable to interpret <[2010.12.28 14:08:32 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group> in the current context!
Error: Unable to interpret <[2010.12.28 14:08:13 | 000,000,000 | ---D | C] -- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP> in the current context!
Error: Unable to interpret <[2010.12.28 14:08:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard> in the current context!
Error: Unable to interpret <[2010.12.24 08:03:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump> in the current context!
Error: Unable to interpret <[2010.12.24 06:29:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Xaaf> in the current context!
Error: Unable to interpret <[2010.12.24 06:29:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Igob> in the current context!
Error: Unable to interpret <[2010.12.24 06:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\9F1C676233C775510E833F542C2F41B7> in the current context!
Error: Unable to interpret <[2010.12.24 06:16:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun> in the current context!
Error: Unable to interpret <[2010.12.19 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\fotos mamoir> in the current context!
Error: Unable to interpret <[2010.12.15 10:23:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:41 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:41 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:41 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:38 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:37 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll> in the current context!
Error: Unable to interpret <[2010.12.15 10:22:35 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe> in the current context!
Error: Unable to interpret <[2010.12.15 10:19:36 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys> in the current context!
Error: Unable to interpret <[2010.12.10 08:29:28 | 000,000,000 | ---D | C] -- C:\Windows\pss> in the current context!
Error: Unable to interpret <[2010.12.08 10:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG> in the current context!
Error: Unable to interpret <[2010.12.08 10:33:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HP> in the current context!
Error: Unable to interpret <[2010.12.08 10:33:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\HP> in the current context!
Error: Unable to interpret <[2010.12.08 10:14:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!> in the current context!
Error: Unable to interpret <[2010.12.08 10:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant> in the current context!
Error: Unable to interpret <[2010.12.08 10:09:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Hewlett-Packard> in the current context!
Error: Unable to interpret <[2010.12.08 10:09:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HP> in the current context!
Error: Unable to interpret <[2010.12.08 10:07:43 | 000,000,000 | ---D | C] -- C:\Programme\HP> in the current context!
Error: Unable to interpret <[2010.12.08 10:07:42 | 000,000,000 | -H-D | C] -- C:\Config.Msi> in the current context!
Error: Unable to interpret <[2010.12.08 10:06:00 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll> in the current context!
Error: Unable to interpret <[2010.12.06 18:55:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\blocchi> in the current context!
Error: Unable to interpret <[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.12.30 20:01:13 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job> in the current context!
Error: Unable to interpret <[2010.12.30 19:38:13 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job> in the current context!
Error: Unable to interpret <[2010.12.30 16:36:53 | 000,014,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2010.12.30 16:36:52 | 000,014,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2010.12.30 16:27:14 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\YUAQRYUPD.job> in the current context!
Error: Unable to interpret <[2010.12.30 16:26:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2010.12.30 16:26:33 | 798,564,352 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2010.12.29 11:52:07 | 001,024,890 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB> in the current context!
Error: Unable to interpret <[2010.12.27 17:25:56 | 002,213,760 | ---- | M] () -- C:\Users\User\Desktop\Schlussabgabe Bar.3dm> in the current context!
Error: Unable to interpret <[2010.12.23 22:33:01 | 000,061,440 | RHS- | M] () -- C:\Windows\System32\nltestv.dll> in the current context!
Error: Unable to interpret <[2010.12.23 21:10:37 | 000,108,806 | ---- | M] () -- C:\Users\User\Desktop\bar2.jpg> in the current context!
Error: Unable to interpret <[2010.12.23 21:04:38 | 000,618,820 | ---- | M] () -- C:\Users\User\Desktop\bar.jpg> in the current context!
Error: Unable to interpret <[2010.12.23 10:48:17 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2010.12.23 10:48:17 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2010.12.23 10:48:17 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2010.12.23 10:48:17 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2010.12.22 15:22:51 | 008,474,271 | ---- | M] () -- C:\Users\User\Desktop\Standort + Module.dwg> in the current context!
Error: Unable to interpret <[2010.12.22 08:49:35 | 017,427,268 | ---- | M] () -- C:\Users\User\Desktop\schwarzplan Fernitz.dwg> in the current context!
Error: Unable to interpret <[2010.12.22 08:49:15 | 005,276,274 | ---- | M] () -- C:\Users\User\Desktop\Modul 2.zwischkr..dwg> in the current context!
Error: Unable to interpret <[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys> in the current context!
Error: Unable to interpret <[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[2010.12.20 08:19:54 | 000,000,162 | -H-- | M] () -- C:\Users\User\Desktop\~$uklimatik teil1.doc> in the current context!
Error: Unable to interpret <[2010.12.15 17:48:17 | 001,826,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2010.12.13 17:19:49 | 000,000,170 | ---- | M] () -- C:\Users\User\Documents\acad.err> in the current context!
Error: Unable to interpret <[2010.12.11 20:28:39 | 000,007,600 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg> in the current context!
Error: Unable to interpret <[2010.12.08 11:08:33 | 001,794,560 | ---- | M] () -- C:\Users\User\Desktop\bauklimatik teil1.doc> in the current context!
Error: Unable to interpret <[2010.12.08 11:04:46 | 000,888,532 | ---- | M] () -- C:\Users\User\Desktop\windböen.gif> in the current context!
Error: Unable to interpret <[2010.12.08 10:33:51 | 000,226,736 | ---- | M] () -- C:\Windows\hpoins18.dat> in the current context!
Error: Unable to interpret <[2010.12.07 12:41:46 | 000,348,654 | ---- | M] () -- C:\Users\User\Desktop\otto bock ps_20090616_sciencecenter_startschuss.pdf> in the current context!
Error: Unable to interpret <[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.12.28 17:32:50 | 001,024,890 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB> in the current context!
Error: Unable to interpret <[2010.12.27 22:25:12 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job> in the current context!
Error: Unable to interpret <[2010.12.27 13:29:51 | 002,213,760 | ---- | C] () -- C:\Users\User\Desktop\Schlussabgabe Bar.3dm> in the current context!
Error: Unable to interpret <[2010.12.23 22:33:06 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job> in the current context!
Error: Unable to interpret <[2010.12.23 22:33:01 | 000,061,440 | RHS- | C] () -- C:\Windows\System32\nltestv.dll> in the current context!
Error: Unable to interpret <[2010.12.23 22:33:01 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\YUAQRYUPD.job> in the current context!
Error: Unable to interpret <[2010.12.23 21:10:46 | 000,108,806 | ---- | C] () -- C:\Users\User\Desktop\bar2.jpg> in the current context!
Error: Unable to interpret <[2010.12.23 21:08:51 | 000,618,820 | ---- | C] () -- C:\Users\User\Desktop\bar.jpg> in the current context!
Error: Unable to interpret <[2010.12.20 08:19:54 | 000,000,162 | -H-- | C] () -- C:\Users\User\Desktop\~$uklimatik teil1.doc> in the current context!
Error: Unable to interpret <[2010.12.16 10:28:45 | 005,276,274 | ---- | C] () -- C:\Users\User\Desktop\Modul 2.zwischkr..dwg> in the current context!
Error: Unable to interpret <[2010.12.13 17:19:49 | 000,000,170 | ---- | C] () -- C:\Users\User\Documents\acad.err> in the current context!
Error: Unable to interpret <[2010.12.11 20:28:39 | 000,007,600 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg> in the current context!
Error: Unable to interpret <[2010.12.08 11:05:48 | 000,888,532 | ---- | C] () -- C:\Users\User\Desktop\windböen.gif> in the current context!
Error: Unable to interpret <[2010.12.08 10:06:36 | 000,226,736 | ---- | C] () -- C:\Windows\hpoins18.dat> in the current context!
Error: Unable to interpret <[2010.12.08 10:06:36 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat> in the current context!
Error: Unable to interpret <[2010.12.07 12:41:45 | 000,348,654 | ---- | C] () -- C:\Users\User\Desktop\otto bock ps_20090616_sciencecenter_startschuss.pdf> in the current context!
Error: Unable to interpret <[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\QSwitch.txt> in the current context!
Error: Unable to interpret <[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\DSwitch.txt> in the current context!
Error: Unable to interpret <[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\AtStart.txt> in the current context!
Error: Unable to interpret <[2010.11.03 05:57:22 | 000,003,949 | ---- | C] () -- C:\ProgramData\hpzinstall.log> in the current context!
Error: Unable to interpret <[2010.09.08 23:45:59 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll> in the current context!
Error: Unable to interpret <[2009.10.23 19:59:27 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll> in the current context!
Error: Unable to interpret <[2009.09.01 00:11:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat> in the current context!
Error: Unable to interpret <[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll> in the current context!
Error: Unable to interpret <[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll> in the current context!
Error: Unable to interpret <[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll> in the current context!
Error: Unable to interpret <[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini> in the current context!
Error: Unable to interpret <[2008.04.17 08:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll> in the current context!
Error: Unable to interpret <[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2> in the current context!
Error: Unable to interpret << End of report >
         
--- --- ---
> in the current context!

OTL by OldTimer - Version 3.2.18.2 log created on 12302010_200403

30.12.2010, 19:27   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



The :OTL line has to be copied along with the rest!!!! Please read carefully!!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


30.12.2010, 20:50   #8
PinkLady87
 



Hello Arne,
I'm doing all of this for the first time, so I hope I've done everything correctly now.
1. I ran OTL. (Minimal Output, Extra Registry: Use SafeList, SCAN)

2. I got 2 log files, which I'm sending you again:

OTL: OTL logfile:
Code:
OTL logfile created on: 30.12.2010 21:26:48 - Run 2
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\User\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 310,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 43,67 Gb Free Space | 58,68% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK-01 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sdCoreService) -- C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) QuickCam for Notebooks Deluxe(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 02 67 B1 8B 2A CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
O1 HOSTS File: ([2010.12.30 21:07:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.30 20:49:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.30 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\VIREN KACK
[2010.12.30 16:42:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010.12.30 16:41:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.30 16:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.30 16:41:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.30 16:41:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.29 11:44:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PackageAware
[2010.12.29 00:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Loaris
[2010.12.28 19:46:28 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.28 19:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.28 17:32:45 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010.12.28 17:32:45 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010.12.28 17:32:44 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.12.28 17:32:44 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.12.28 17:32:38 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.12.28 17:32:38 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.12.28 17:32:23 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security
[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PC Tools
[2010.12.28 17:31:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.12.28 17:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.12.28 16:49:11 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.12.28 14:08:32 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.12.28 14:08:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.12.24 08:03:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.24 06:16:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.12.19 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\fotos mamoir
[2010.12.15 10:23:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.15 10:22:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 10:22:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 10:22:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 10:22:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 10:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 10:22:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 10:22:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 10:22:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 10:22:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 10:22:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 10:22:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 10:22:41 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 10:22:41 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 10:22:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 10:22:41 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.12.15 10:22:38 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 10:22:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 10:22:37 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010.12.15 10:22:35 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 10:19:36 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.10 08:29:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.12.08 10:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010.12.08 10:33:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HP
[2010.12.08 10:33:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\HP
[2010.12.08 10:14:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2010.12.08 10:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010.12.08 10:09:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Hewlett-Packard
[2010.12.08 10:09:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HP
[2010.12.08 10:07:43 | 000,000,000 | ---D | C] -- C:\Programme\HP
[2010.12.08 10:07:42 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010.12.08 10:06:00 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2010.12.06 18:55:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\blocchi
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.30 21:15:51 | 000,014,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.30 21:15:51 | 000,014,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.30 21:08:44 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.30 21:08:38 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.30 21:08:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.30 21:08:11 | 798,564,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.30 21:07:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.12.29 11:52:07 | 001,024,890 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010.12.27 17:25:56 | 002,213,760 | ---- | M] () -- C:\Users\User\Desktop\Schlussabgabe Bar.3dm
[2010.12.23 22:33:01 | 000,061,440 | RHS- | M] () -- C:\Windows\System32\nltestv.dll
[2010.12.23 21:10:37 | 000,108,806 | ---- | M] () -- C:\Users\User\Desktop\bar2.jpg
[2010.12.23 21:04:38 | 000,618,820 | ---- | M] () -- C:\Users\User\Desktop\bar.jpg
[2010.12.23 10:48:17 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.23 10:48:17 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.23 10:48:17 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.23 10:48:17 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.22 15:22:51 | 008,474,271 | ---- | M] () -- C:\Users\User\Desktop\Standort + Module.dwg
[2010.12.22 08:49:35 | 017,427,268 | ---- | M] () -- C:\Users\User\Desktop\schwarzplan Fernitz.dwg
[2010.12.22 08:49:15 | 005,276,274 | ---- | M] () -- C:\Users\User\Desktop\Modul 2.zwischkr..dwg
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.20 08:19:54 | 000,000,162 | -H-- | M] () -- C:\Users\User\Desktop\~$uklimatik teil1.doc
[2010.12.15 17:48:17 | 001,826,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.13 17:19:49 | 000,000,170 | ---- | M] () -- C:\Users\User\Documents\acad.err
[2010.12.08 11:08:33 | 001,794,560 | ---- | M] () -- C:\Users\User\Desktop\bauklimatik teil1.doc
[2010.12.08 11:04:46 | 000,888,532 | ---- | M] () -- C:\Users\User\Desktop\windböen.gif
[2010.12.08 10:33:51 | 000,226,736 | ---- | M] () -- C:\Windows\hpoins18.dat
[2010.12.07 12:41:46 | 000,348,654 | ---- | M] () -- C:\Users\User\Desktop\otto bock ps_20090616_sciencecenter_startschuss.pdf
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.28 17:32:50 | 001,024,890 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010.12.27 22:25:12 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.27 13:29:51 | 002,213,760 | ---- | C] () -- C:\Users\User\Desktop\Schlussabgabe Bar.3dm
[2010.12.23 22:33:06 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.23 22:33:01 | 000,061,440 | RHS- | C] () -- C:\Windows\System32\nltestv.dll
[2010.12.23 21:10:46 | 000,108,806 | ---- | C] () -- C:\Users\User\Desktop\bar2.jpg
[2010.12.23 21:08:51 | 000,618,820 | ---- | C] () -- C:\Users\User\Desktop\bar.jpg
[2010.12.20 08:19:54 | 000,000,162 | -H-- | C] () -- C:\Users\User\Desktop\~$uklimatik teil1.doc
[2010.12.16 10:28:45 | 005,276,274 | ---- | C] () -- C:\Users\User\Desktop\Modul 2.zwischkr..dwg
[2010.12.13 17:19:49 | 000,000,170 | ---- | C] () -- C:\Users\User\Documents\acad.err
[2010.12.08 11:05:48 | 000,888,532 | ---- | C] () -- C:\Users\User\Desktop\windböen.gif
[2010.12.08 10:06:36 | 000,226,736 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.12.08 10:06:36 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.12.07 12:41:45 | 000,348,654 | ---- | C] () -- C:\Users\User\Desktop\otto bock ps_20090616_sciencecenter_startschuss.pdf
[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\QSwitch.txt
[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\DSwitch.txt
[2010.11.09 16:53:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\AtStart.txt
[2010.11.03 05:57:22 | 000,003,949 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.09.08 23:45:59 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
[2009.10.23 19:59:27 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009.09.01 00:11:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.04.17 08:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.09.09 09:09:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2010.10.11 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FinalTorrent
[2010.01.23 11:44:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Graphisoft
[2010.12.27 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hitib
[2010.10.08 22:06:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JustVoip
[2010.07.05 19:38:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2009.09.26 18:42:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spik
[2010.10.11 16:09:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2010.12.30 03:35:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Uxukz
[2010.12.26 12:01:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.30 21:08:38 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.30 21:08:44 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

< End of report >
         
--- --- ---

extras:OTL Logfile:
Code:
OTL Extras logfile created on: 30.12.2010 21:26:48 - Run 2
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\User\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 310,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 43,67 Gb Free Space | 58,68% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK-01 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{4037A2B9-A976-4538-8B08-A0D95B637F35}" = C5100
"{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-8001-0410-0002-0060B0CE6BBA}" = AutoCAD 2010 - Italiano
"{5783F2D7-8001-0410-1002-0060B0CE6BBA}" = Language Pack di AutoCAD 2010 - Italiano
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"001FFF1FFF13FF00FF0201F00F02F000-R1" = ArchiCAD 13 GER
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"AutoCAD 2010 - Italiano" = AutoCAD 2010 - Italiano
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"JustVoip_is1" = JustVoip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2010 08:00:02 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 08:20:14 | Computer Name = Notebook-01 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Iq2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d131a20  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005206e  ID des fehlerhaften Prozesses:
 0x1c4  Startzeit der fehlerhaften Anwendung: 0x01cba686af08e9ee  Pfad der fehlerhaften
 Anwendung: C:\Users\User\AppData\Local\Temp\Iq2.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d22c4c46-127c-11e0-89ac-a0253ee3fedf
 
Error - 28.12.2010 10:58:00 | Computer Name = Notebook-01 | Source = MsiInstaller | ID = 11721
Description = 
 
Error - 28.12.2010 11:02:05 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 11:02:05 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 12:38:38 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 12:38:48 | Computer Name = Notebook-01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.12.2010 15:14:03 | Computer Name = Notebook-01 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\pc
 tools security\networklayer\PCTCFFix64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2010 15:14:42 | Computer Name = Notebook-01 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.12.2010 22:34:18 | Computer Name = Notebook-01 | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 9.0.0.20 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 970    Startzeit: 
01cba7c97decf604    Endzeit: 240    Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

Berichts-ID:
 357fe0de-13bd-11e0-8d5f-c8a50d2f7dcb  
 
[ System Events ]
Error - 29.12.2010 06:05:00 | Computer Name = Notebook-01 | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 29.12.2010 06:41:17 | Computer Name = Notebook-01 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?12.?2010 um 11:40:03 unerwartet heruntergefahren.
 
Error - 29.12.2010 06:41:51 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.12.2010 22:19:35 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst seclogon erreicht.
 
Error - 29.12.2010 22:21:07 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 30.12.2010 11:27:19 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 30.12.2010 15:36:09 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7034
Description = Dienst "SpyHunter 4 Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.12.2010 15:39:40 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 30.12.2010 16:07:10 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7034
Description = Dienst "SpyHunter 4 Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.12.2010 16:08:40 | Computer Name = Notebook-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
--- --- ---

3. I pasted the part that you had copied into "Custom Scans/Fixes" and pressed Fix

As a result I restarted the PC and received another log file:

All processes killed
========== OTL ==========
Error: No service named AVFSFilter was found to stop!
Service\Driver key AVFSFilter not found.
File C:\Windows\System32\DRIVERS\avfsfilter.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\samrwnxoce.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{98B98829-5639-B249-A44D-AED3E16222E5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98B98829-5639-B249-A44D-AED3E16222E5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
File C:\Programme\Spybot - Search & Destroy\TeaTimer.exe not found.
Folder C:\ProgramData\clp\ not found.
Folder C:\ProgramData\TEMP\ not found.
Folder C:\sh4ldr\ not found.
Folder C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\ not found.
Folder C:\Users\User\AppData\Roaming\Xaaf\ not found.
Folder C:\Users\User\AppData\Roaming\Igob\ not found.
Folder C:\Users\User\AppData\Roaming\9F1C676233C775510E833F542C2F41B7\ not found.
File C:\Windows\tasks\YUAQRYUPD.job not found.
File C:\Users\User\AppData\Local\Resmon.ResmonCfg not found.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3226561 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83820 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


OTL by OldTimer - Version 3.2.18.2 log created on 12302010_213729

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


4. If I did anything wrong, could you please list it for me once more in the complete order?

Many thanks for your efforts

pinklady87

Alt 30.12.2010, 20:55   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 30.12.2010, 22:44   #10
PinkLady87
 



Hi there
After I cleaned my PC again with CCleaner, I had some problems deactivating AntiVir. I hope the ComboFix log file sheds light on the trojans on my PC.

Kind regards, pinklady87

ComboFix log file:
ComboFix 10-12-30.01 - User 30.12.2010  23:17:42.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.1015.400 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\userinit.exe . . . ist infiziert!!

.
(((((((((((((((((((((((   Dateien erstellt von 2010-11-28 bis 2010-12-30  ))))))))))))))))))))))))))))))
.

2010-12-30 22:31 . 2010-12-30 22:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-30 21:08 . 2010-12-30 21:08	--------	d-----w-	c:\program files\CCleaner
2010-12-30 15:42 . 2010-12-30 15:42	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2010-12-30 15:41 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 15:41 . 2010-12-30 15:41	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-30 15:41 . 2010-12-30 15:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-12-30 15:41 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-29 10:44 . 2010-12-29 10:44	--------	d-----w-	c:\users\User\AppData\Local\PackageAware
2010-12-28 23:55 . 2010-12-28 23:55	--------	d-----w-	c:\program files\Loaris
2010-12-28 18:46 . 2010-12-30 21:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-12-28 18:46 . 2010-12-30 19:36	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-12-28 16:32 . 2010-07-16 13:59	656320	----a-w-	c:\windows\system32\drivers\pctEFA.sys
2010-12-28 16:32 . 2010-07-16 13:59	338880	----a-w-	c:\windows\system32\drivers\pctDS.sys
2010-12-28 16:32 . 2010-11-17 09:19	249616	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2010-12-28 16:32 . 2010-11-17 09:19	102184	----a-w-	c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-28 16:32 . 2010-11-25 09:53	160448	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-28 16:32 . 2010-11-25 09:43	239168	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2010-12-28 16:32 . 2010-11-25 09:42	70536	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2010-12-28 16:31 . 2010-12-30 18:56	--------	d-----w-	c:\program files\PC Tools Security
2010-12-28 16:31 . 2010-12-28 16:38	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-12-28 16:31 . 2010-12-28 16:31	--------	d-----w-	c:\users\User\AppData\Roaming\PC Tools
2010-12-28 16:11 . 2010-12-28 16:32	--------	d-----w-	c:\programdata\PC Tools
2010-12-28 15:49 . 2010-12-28 15:49	--------	d-----w-	c:\program files\trend micro
2010-12-28 13:08 . 2010-12-28 13:08	110080	----a-r-	c:\users\User\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconF7A21AF7.exe
2010-12-28 13:08 . 2010-12-28 13:08	110080	----a-r-	c:\users\User\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconD7F16134.exe
2010-12-28 13:08 . 2010-12-28 13:08	--------	d-----w-	c:\program files\Enigma Software Group
2010-12-28 13:08 . 2010-12-28 13:08	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-12-24 05:16 . 2010-12-24 05:16	--------	d-----w-	c:\windows\Sun
2010-12-23 21:33 . 2010-12-23 21:33	61440	--sha-r-	c:\windows\system32\nltestv.dll
2010-12-21 06:46 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6386587-6E62-450D-9331-513FB99C7BD2}\mpengine.dll
2010-12-15 09:23 . 2010-10-12 04:25	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2010-12-15 09:23 . 2010-10-27 04:32	2048	----a-w-	c:\windows\system32\tzres.dll
2010-12-15 09:19 . 2010-10-20 03:00	2327552	----a-w-	c:\windows\system32\win32k.sys
2010-12-08 09:34 . 2010-12-08 09:34	--------	d-----w-	c:\programdata\WEBREG
2010-12-08 09:33 . 2010-12-08 09:36	--------	d-----w-	c:\users\User\AppData\Roaming\HP
2010-12-08 09:33 . 2010-12-08 09:33	--------	d-----w-	c:\users\User\AppData\Local\HP
2010-12-08 09:14 . 2010-12-08 09:14	--------	d-----w-	c:\users\User\AppData\Roaming\Yahoo!
2010-12-08 09:11 . 2010-12-08 09:11	--------	d-----w-	c:\programdata\HP Product Assistant
2010-12-08 09:09 . 2010-12-08 09:09	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2010-12-08 09:09 . 2010-12-08 09:09	--------	d-----w-	c:\program files\Common Files\HP
2010-12-08 09:07 . 2010-12-08 09:37	--------	d-----w-	c:\program files\HP
2010-12-08 09:06 . 2009-07-08 10:51	452408	----a-w-	c:\windows\system32\hpzids01.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-05-03 07:54	222080	------w-	c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08	209153	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-10-10 10:33	177456	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 16:14	1183744	----a-w-	c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21	246504	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29	102400	----a-w-	c:\program files\Synaptics\SynTP\SynTPStart.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1343400]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
MSConfigStartUp-LVCOMSX - c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-12-30  23:37:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-12-30 22:37

Vor Suchlauf: 6 Verzeichnis(se), 46.841.884.672 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 46.752.808.960 Bytes frei

- - End Of File - - 8E7D06110BFD41CAA785352CCAB8D5C0
         
--- --- ---

Alt 30.12.2010, 23:52   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Alt 01.01.2011, 11:46   #12
PinkLady87
 



Hello, I wish you a happy new year.

I followed the two instructions and received 2 log files

gmer

GMER log file:
GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2011-01-01 12:15:47
Windows 6.1.7600 


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                             ZwCreateProcess [0x87626F68]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                             ZwCreateProcessEx [0x87627230]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                             ZwCreateUserProcess [0x8762752C]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                             ZwTerminateProcess [0x876269D8]

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E2DAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E2D104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E2D3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E15634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E15898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E2D1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E2D958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E2D6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E2DF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82E2E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                          82E8D599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82EB1F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 32C                                                                      82EB983C 8 Bytes  [68, 6F, 62, 87, 30, 72, 62, ...]
.text           ntkrnlpa.exe!RtlSidHashLookup + 364                                                                      82EB9874 4 Bytes  [2C, 75, 62, 87]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                      82EB9CC8 4 Bytes  [D8, 69, 62, 87]
.text           peauth.sys                                                                                               A860AC9D 28 Bytes  [1E, B5, 8F, 17, 25, 48, 7E, ...]
.text           peauth.sys                                                                                               A860ACC1 28 Bytes  [1E, B5, 8F, 17, 25, 48, 7E, ...]
PAGE            peauth.sys                                                                                               A8610E20 101 Bytes  [26, DE, E7, 38, D0, 92, 0D, ...]
PAGE            peauth.sys                                                                                               A861102C 102 Bytes  [41, 78, 0C, 41, 14, 75, 81, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [741A2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                     [74185624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [741856E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                           [741A250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                 [74198573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                   [74194D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [741950CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                 [741951A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]        [741966D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [741982CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]             [74198819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]           [7419907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                 [7419E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                     [74194C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[2464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75435E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[2464] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75435E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[2464] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75435E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[2464] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75435E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[2464] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [75435E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[2464] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [75435E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000075                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                       ?????l??? ??????????????????????????????????&????????????????????1????????????????????????????????????????????s????????????????????2?~??????? ???????0?????????????1????????????&???????????????????????? ??????????????6???USB-Root-Hub????????????????????????????? ?????????????????????1????????????????????????????????????????????????????????????????????? ???????????????????7?1????????????????????USB-Root-Hub????? h?????????????????@usbport.inf,%usb\root_hub.devicedesc%;USB-Root-Hub?00??????????????t_??? ???????:?????????????1????????????????????????????????????????????????????????? ???????????????????9?1????????????????????????????????????????????????????? ???????:?????????????1????????????????????? ???????????????????:?1?????????????????????????????????????E??8E???????????8??B}??????AC??? ???????:???????????8?1????????B???????????usbui.dll,USBHubPropPageProvider?????????????????h??usbport.inf?????? ???????:?????????????1????????????????????????????????????????? ???????3?????~???????,????????????&??????????????
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                  ???m?n??????gr???3?????m????? ???????m?????m???????1????????????????????6.1.7600.16385??????? ???????m???????????m?1????????<???????????? ???????m???????? ???????"?????n???7????????????????????????????0?????????????m????? ???????m?????m???????1????????????????????? ???????m???????????m?1?????????????????????????m???4????????^??m???????????????m??????vs???m?m???????m????? ???????m?????m???????1????????????????????root\umbus???????m?m?N???m???????????????????????5???????????????5??????? ???????m???????????m?1???????????????????????m???m???????m????? ???????m?????m???????1????????????????????? ???????m???????????m?1????????????????????? ???????m?????m???????1????????????&??????????????????????????m????? ???????m?????m???????1????????????????????? ???????m???????????m?1????????????????????? ???????m?????m???????1?????????????????????m?m???????m????? ???????m?????m???????1???????????????????????m???m???m???m???m???m???m???m???m????????????? ???????m???????????m?1????????@???????????? ???????m???????????m?1???????
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                           ???k????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ???????????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????l?l?n?????? (??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ???????????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e???????????????????????????$???e??????????????????????????tunnel???h??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ???????????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e????????????????????????????X?????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????? ??????????????$???e?????????????????????????????
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                      ???n?s?????????????????????????????????????????????????n????? ???????n?????n???????1?????????????????????????????6???6???n?n?????n?n????? ???????n???????????l?1?????????????????????????n???1???????????????????????????-?????n????? ???????n?????n???????1????????????????????? ???????n???????????l?1?????????????????????????l???6???????????????????????????j???????t?????n????? ???????n?????n???????1????????????????????? ???????n???????????m?1????????????????????? ???????n?????m?????m????"????????????????????????????n????? ???????n?????n???????1????????????????????? ?n???n???n???n???n???n???n???n???n???n????????? ???????n???????????m?1????????????????????6.1.7600.16385?????????n????? ???????n?????n???????1????????????????????? ???????n???????????m?1????????????????????????????????????????????????????????s??????n????? ???????n?????n???????1????????????????????? ???????n???????????m?1?????????????????????????k???????e????X??????????????g?g???????n????? ???????f.???????????????.????????????B????? ???????n?????j???????
Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount                            0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C5100 series@ChangeID     45926
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId   641
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\642                             
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\642@CrawlType                   2
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\642@InProgress                  1
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\642@DoneAddingCrawlSeeds        0
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\642@IsCatalogLevel              0
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\642@LogStartAddId               3
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@CrawlNumberInProgress     642

---- EOF - GMER 1.0.15 ----
         
--- --- ---


There were a few small problems with the OSAM logfile; I hope it can still be analyzed. After the automatic scan I could only click "next" once, then I had to click "cancel", but in a newly opened window I was able to click "savelog". I hope the logfile is correct.

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:33:35 on 01.01.2011

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aujasnkj" (aujasnkj) - ? - C:\Users\User\AppData\Local\Temp\aujasnkj.sys  (Hidden registry entry, rootkit activity | File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\User\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  (File found, but it contains no detailed information)
"HIDServiceDesc" (KMWDFILTERx86) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\KMWDFILTER.sys
"PC Tools Data Store" (pctDS) - "PC Tools" - C:\Windows\System32\drivers\pctDS.sys
"PC Tools Extended File Attributes" (pctEFA) - "PC Tools" - C:\Windows\System32\drivers\pctEFA.sys
"PCTools KDS" (PCTCore) - "PC Tools" - C:\Windows\System32\drivers\PCTCore.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{FC66F851-FFAB-11D1-B226-0000C01A73E9} "Graphisoft Shell Extension 3.0" - "Graphisoft R&D" - C:\Program Files\Graphisoft\ArchiCAD 13\GSShellX32.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C81DCBCA-8AE2-41FC-9C39-78B160393210} "RhinoShExt" - "Robert McNeel & Associates" - C:\Program Files\Rhinoceros 4.0\System\RhinoShExt.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{472734EA-242A-422b-ADF8-83D1E48CC825} "{472734EA-242A-422b-ADF8-83D1E48CC825}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Program Files\PC Tools Security\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Program Files\PC Tools Security\pctsSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SpyHunter 4 Service" (SpyHunter 4 Service) - "Enigma Software Group USA, LLC." - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---



What do the logfiles run so far show? Is the PC badly infected? PS: There are still problems with the Internet on my computer. Internet Explorer only opens after I click it several times, and web pages often show advertising pages on the first two clicks.

I hope you can help me.

01.01.2011, 13:22   #13
PinkLady87

Hello, I forgot to upload the MBR check.

Here it is now:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq nx7300 (GB904ET#ABD)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 204):
0x82E18000 \SystemRoot\system32\ntkrnlpa.exe
0x83228000 \SystemRoot\system32\halmacpi.dll
0x80B9A000 \SystemRoot\system32\kdcom.dll
0x87230000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x872A8000 \SystemRoot\system32\PSHED.dll
0x872B9000 \SystemRoot\system32\BOOTVID.dll
0x872C1000 \SystemRoot\system32\CLFS.SYS
0x87303000 \SystemRoot\system32\CI.dll
0x8742C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8749D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x874AB000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x874F3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x874FC000 \SystemRoot\system32\drivers\fltmgr.sys
0x87530000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x87538000 \SystemRoot\system32\DRIVERS\pci.sys
0x87562000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8756D000 \SystemRoot\System32\drivers\partmgr.sys
0x8757E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x87586000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x87591000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x875A1000 \SystemRoot\System32\drivers\volmgrx.sys
0x875EC000 \SystemRoot\system32\DRIVERS\intelide.sys
0x87400000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x873AE000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8740E000 \SystemRoot\System32\drivers\mountmgr.sys
0x875F3000 \SystemRoot\system32\DRIVERS\atapi.sys
0x873DC000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x87200000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8720A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x87213000 \SystemRoot\system32\drivers\fileinfo.sys
0x87624000 \SystemRoot\system32\drivers\PCTCore.sys
0x87661000 \SystemRoot\system32\drivers\pctDS.sys
0x876B8000 \SystemRoot\system32\drivers\pctEFA.sys
0x8780A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87939000 \SystemRoot\System32\Drivers\msrpc.sys
0x87964000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87977000 \SystemRoot\System32\Drivers\cng.sys
0x879D4000 \SystemRoot\System32\drivers\pcw.sys
0x879E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x87A1D000 \SystemRoot\system32\drivers\ndis.sys
0x87AD4000 \SystemRoot\system32\drivers\NETIO.SYS
0x87B12000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x87C01000 \SystemRoot\System32\drivers\tcpip.sys
0x87D4A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87D7B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x87D84000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x87DC3000 \SystemRoot\System32\Drivers\spldr.sys
0x87DCB000 \SystemRoot\System32\drivers\rdyboost.sys
0x87B37000 \SystemRoot\System32\Drivers\mup.sys
0x87DF8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x87B47000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x87B79000 \SystemRoot\system32\DRIVERS\disk.sys
0x87B8A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8775D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x87BE2000 \SystemRoot\System32\Drivers\Null.SYS
0x87BE9000 \SystemRoot\System32\Drivers\Beep.SYS
0x87BF0000 \SystemRoot\System32\drivers\vga.sys
0x8777C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x87A00000 \SystemRoot\System32\drivers\watchdog.sys
0x87A0D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x87A15000 \SystemRoot\system32\drivers\rdpencdd.sys
0x879EB000 \SystemRoot\system32\drivers\rdprefmp.sys
0x879F3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8779D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x877AB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x877C2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CE00000 \SystemRoot\system32\drivers\afd.sys
0x8CE5A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CE8C000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8CE95000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8CE9C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CEBB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8CECC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CEDA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CEED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CEFD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8CF03000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CF44000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CF4E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CF58000 \SystemRoot\System32\drivers\discache.sys
0x8CF64000 \SystemRoot\system32\drivers\csc.sys
0x8CFC8000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CFE0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x877CD000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8CFEE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x87600000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x877E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DE23000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E32C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F203000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8F23C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F25B000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8F373000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8F37D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F388000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F3D3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F42D000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8F459000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8F46A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F482000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8F487000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F494000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F4C2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F4C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F4D1000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8F4D4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F4E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F4EE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F4F2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F4FB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8F508000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8F527000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8F539000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F551000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F55C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F57E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F596000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F5AD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F5C4000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8F5CE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FC3C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FC70000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FC7E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FCC2000 \SystemRoot\system32\DRIVERS\kbdhid.sys

Processes (total 51):
0 System Idle Process
4 System
236 C:\Windows\System32\smss.exe
336 csrss.exe
392 C:\Windows\System32\wininit.exe
400 csrss.exe
456 C:\Windows\System32\winlogon.exe
476 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
624 C:\Windows\System32\svchost.exe
696 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
720 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\audiodg.exe
1100 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\dwm.exe
1404 C:\Windows\explorer.exe
1496 C:\Windows\System32\spoolsv.exe
1520 C:\Windows\System32\taskeng.exe
1572 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1604 C:\Windows\System32\hkcmd.exe
1612 C:\Windows\System32\igfxpers.exe
1620 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
1628 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1648 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
1708 C:\Windows\System32\taskhost.exe
1720 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1828 C:\Windows\System32\igfxsrvc.exe
1844 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\rundll32.exe
204 C:\Windows\System32\AEADISRV.EXE
900 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1328 C:\Windows\System32\svchost.exe
1944 C:\Windows\System32\svchost.exe
1596 C:\Windows\System32\svchost.exe
1940 C:\Windows\System32\svchost.exe
2328 C:\Windows\System32\svchost.exe
2384 C:\Windows\System32\SearchIndexer.exe
3264 C:\Windows\System32\sppsvc.exe
3292 C:\Program Files\Windows Media Player\wmpnetwk.exe
3340 C:\Windows\System32\svchost.exe
3492 WmiPrvSE.exe
3704 <unknown>
4028 C:\Windows\System32\wbem\WMIADAP.exe
2872 C:\Users\User\Downloads\MBRCheck.exe
2888 C:\Windows\System32\conhost.exe
2660 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC7BP

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

I hope you can still make sense of all this and can tell me how to get rid of these annoying trojans etc. without necessarily having to completely restart the system.

02.01.2011, 10:10   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

02.01.2011, 22:20   #15
PinkLady87

Hello there,
I have run the scans again.

Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.01.2011 20:47:49
mbam-log-2011-01-02 (20-47-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262323
Laufzeit: 49 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



superantispyware

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 01/02/2011 bei 10:37 PM

Version der Applikation : 4.47.1000

Version der Kern-Datenbank : 6003
Version der Spur-Datenbank : 3815

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:20:19

Gescannte Speicherelemente : 561
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 10216
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 115646
Erfasste Datei-Elemente : 0


According to these logs my PC seems to be working fine, but the problems are still not solved, even though I have already deleted a lot of things.

It still worries me that SpyHunter 4, for example, shows 38 threats on the PC.

Threats with the following names are shown to me (wireless is disabled):

ad.yieldmanager.com: bh.ad.yieldmanager.com[2].txt, uid.ad.yieldmanager.com[2].txt, ih.ad.yieldmanager.com[2].txt, BX.ad.yieldmanager.com[2].txt

Media: GUID.ads.quartermedia[2].txt, LE2.ads.quartermedia[2].txt, JY57.collective-media[2].txt, cli.collective-media[2].txt, dc.collective-media[2].txt, apnx.collective-media[2].txt, nadp.collective-media[2].txt, blue.collective-media[2].txt, ....

Serving-sys: eyeblaster.bs.serving-sys[1].txt, A2.serving-sys[1].txt, B2.serving-sys[1].txt, C3.serving-sys[1].txt, D3.serving-sys[1].txt, E2.serving-sys[1].txt, u2.serving-sys[1].txt, u3.serving-sys[1].txt

and a few others.
Do you know how I can get rid of these annoying trojans? Because of them my system is slow, ad windows open, and I have to click on the browser several times to get it to open...

Thanks
