audiodg.exe is eating CPU power

#0
27.04.2008, 23:10
...new here

Posts: 1
#1 Hello everyone
So, a short description: I recently put Vista back on my laptop and installed SP1 on it, and when I was gaming I suddenly had, for example in Quake 3 Arena, FPS fluctuations between 125 and 50 fps. The reason was that the file audiodg.exe was causing a CPU load of 20-30%. I then killed the process, but as expected I no longer had any sound... So now I am looking for help here from you on what I can do about it. I hope someone can help me.

Here are the logs from ComboFix and HJT as well:

Quote

ComboFix 08-04-26.5 - Larry 2008-04-27 21:58:22.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1219 [GMT 2:00]
ausgeführt von:: C:\Users\Larry\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2008-03-27 bis 2008-04-27 ))))))))))))))))))))))))))))))
.

2008-04-25 20:29 . 2008-04-25 20:29 <DIR> d-------- C:\Temp
2008-04-25 00:34 . 2008-04-25 00:34 <DIR> d-------- C:\Windows\System32\Futuremark
2008-04-25 00:34 . 2004-10-25 20:02 21,664 --a------ C:\Windows\System32\drivers\Entech.sys
2008-04-25 00:34 . 2001-11-16 15:23 9,474 --------- C:\Windows\System32\drivers\PciBus.vxd
2008-04-25 00:34 . 1999-11-02 10:01 6,173 --a------ C:\Windows\System32\Entech.vxd
2008-04-25 00:34 . 1999-11-02 10:01 6,173 --------- C:\Windows\System32\drivers\Entech.vxd
2008-04-25 00:34 . 2001-11-19 18:05 3,972 --------- C:\Windows\System32\drivers\PciBus.sys
2008-04-25 00:33 . 2008-04-25 00:33 <DIR> d-------- C:\Program Files\Futuremark
2008-04-24 23:49 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-04-24 23:45 . 2008-04-24 23:45 <DIR> d-------- C:\Windows\PCHEALTH
2008-04-24 23:45 . 2008-04-24 23:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-24 23:41 . 2008-04-24 23:50 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-04-24 23:41 . 2008-04-24 23:50 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-04-24 23:39 . 2008-04-24 23:39 <DIR> dr-h----- C:\MSOCache
2008-04-23 20:13 . 2008-04-23 20:14 <DIR> d-------- C:\Program Files\Visions
2008-04-23 18:55 . 2008-04-23 19:10 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-04-23 18:55 . 2008-04-23 19:10 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-04-22 20:11 . 2007-12-04 16:44 23,600 --a------ C:\Windows\System32\drivers\TVICHW32.SYS
2008-04-22 20:11 . 2008-04-22 20:11 1,532 --a------ C:\Windows\mozver.dat
2008-04-22 19:19 . 2008-04-22 19:19 <DIR> d-------- C:\Program Files\SpeedFan
2008-04-22 19:19 . 2008-04-22 19:19 45 --a------ C:\Windows\System32\initdebug.nfo
2008-04-22 16:05 . 2008-04-22 16:05 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-04-22 16:05 . 2008-04-22 16:05 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-04-21 22:22 . 2008-04-21 22:23 <DIR> d-------- C:\Users\Larry\AppData\Roaming\concept design
2008-04-21 22:22 . 2008-04-21 22:23 <DIR> d-------- C:\Program Files\onlineTV 4
2008-04-21 22:22 . 2006-05-21 16:15 966,144 --a------ C:\Windows\System32\NCTAudioInformation2.dll
2008-04-21 22:22 . 2006-05-21 16:15 877,568 --a------ C:\Windows\System32\NCTAudioFile2.dll
2008-04-21 22:22 . 2006-05-21 16:15 634,880 --a------ C:\Windows\System32\NCTAudioEditor2.dll
2008-04-21 22:22 . 2006-05-21 16:15 522,752 --a------ C:\Windows\System32\NCTAudioTransform2.dll
2008-04-21 22:22 . 2006-05-21 16:15 467,968 --a------ C:\Windows\System32\NCTAudioRecord2.dll
2008-04-21 22:22 . 2006-05-21 16:15 467,456 --a------ C:\Windows\System32\NCTAudioPlayer2.dll
2008-04-21 22:22 . 2006-05-21 16:15 237,568 --a------ C:\Windows\System32\lame_enc.dll
2008-04-20 22:35 . 2008-04-20 22:35 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-04-20 22:35 . 2008-04-20 22:35 <DIR> d-------- C:\ProgramData\Pinnacle
2008-04-20 22:35 . 2008-04-21 21:50 <DIR> d-------- C:\Program Files\Pinnacle
2008-04-20 22:26 . 2007-01-29 21:20 361,728 --a------ C:\Windows\System32\drivers\emBDA.sys
2008-04-20 22:26 . 2007-01-29 21:18 106,496 --a------ C:\Windows\System32\emPRP.ax
2008-04-20 22:26 . 2007-02-15 12:30 81,920 --a------ C:\Windows\System32\PCLECoInst.dll
2008-04-20 22:26 . 2006-12-15 16:54 61,440 --a------ C:\Windows\emMON.exe
2008-04-20 22:26 . 2007-01-29 21:19 39,680 --a------ C:\Windows\System32\drivers\emOEM.sys
2008-04-20 22:26 . 2007-01-12 17:55 22,912 --a------ C:\Windows\System32\drivers\emAudio.sys
2008-04-20 22:18 . 2008-04-20 22:18 <DIR> d-------- C:\Program Files\PCTV
2008-04-17 05:01 . 2008-04-17 05:01 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-04-17 05:01 . 2008-04-17 05:01 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-04-17 04:42 . 2008-04-17 04:42 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-17 04:37 . 2008-04-17 04:37 <DIR> d-------- C:\Users\Larry\AppData\Roaming\DAEMON Tools
2008-04-17 04:17 . 2008-04-17 04:37 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-17 03:55 . 2008-04-17 03:55 <DIR> d-------- C:\Program Files\VLC
2008-04-17 01:49 . 2008-04-17 01:57 <DIR> d-------- C:\Program Files\Autoruns
2008-04-17 00:46 . 2008-04-17 00:46 <DIR> d-------- C:\Users\Larry\AppData\Roaming\AdobeUM
2008-04-15 01:00 . 2008-04-27 21:54 27,335 --a------ C:\Users\Larry\AppData\Roaming\nvModes.dat
2008-04-15 00:57 . 2008-04-15 00:57 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-04-14 23:19 . 2008-04-14 23:19 <DIR> d-------- C:\Program Files\DC++
2008-04-14 23:02 . 2008-04-14 23:02 <DIR> d-------- C:\Users\All Users\Avira
2008-04-14 23:02 . 2008-04-14 23:02 <DIR> d-------- C:\ProgramData\Avira
2008-04-14 23:02 . 2008-04-14 23:02 <DIR> d-------- C:\Program Files\Avira
2008-04-14 22:44 . 2006-02-04 03:50 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-04-14 22:44 . 2006-02-04 03:50 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-04-14 22:31 . 2008-04-25 20:29 <DIR> d-------- C:\Users\Larry\AppData\Roaming\Xfire
2008-04-14 22:31 . 2008-04-19 02:14 <DIR> d-------- C:\Users\All Users\Xfire
2008-04-14 22:31 . 2008-04-19 02:14 <DIR> d-------- C:\ProgramData\Xfire
2008-04-14 22:31 . 2008-04-15 10:10 <DIR> d-------- C:\Program Files\Xfire
2008-04-14 22:18 . 2008-04-14 22:18 <DIR> d-------- C:\PerfLogs
2008-04-14 22:03 . 2008-04-14 21:47 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-04-14 22:03 . 2008-04-14 21:47 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-04-14 21:55 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-04-14 21:55 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-04-14 21:51 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-04-14 21:48 . 2008-04-14 21:48 <DIR> d-------- C:\Users\Larry\AppData\Roaming\Talkback
2008-04-14 21:47 . 2008-04-14 22:04 196,608 --a------ C:\Windows\SPInstall.etl
2008-04-14 21:47 . 2008-04-14 21:47 0 --a------ C:\Windows\nsreg.dat
2008-04-14 21:46 . 2008-04-14 20:47 455,611,504 --a------ C:\Windows6.0-KB936330-X86-wave0.exe
2008-04-14 21:29 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-04-14 21:21 . 2008-04-14 21:23 <DIR> d-------- C:\Users\Larry\AppData\Roaming\ICQLite
2008-04-14 21:21 . 2008-04-14 21:24 <DIR> d-------- C:\Program Files\ICQLite
2008-04-14 21:19 . 2008-04-14 21:19 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-04-14 21:18 . 2008-04-14 21:29 <DIR> d-------- C:\Program Files\Winamp
2008-04-14 21:16 . 2008-04-14 21:16 <DIR> d-------- C:\Users\Larry\AppData\Roaming\LockTime
2008-04-14 21:16 . 2008-04-14 21:16 <DIR> d-------- C:\Program Files\NetLimiter
2008-04-14 21:14 . 2008-04-14 21:14 <DIR> d-------- C:\Users\Larry\AppData\Roaming\teamspeak2
2008-04-14 21:13 . 2008-04-14 21:13 <DIR> d-------- C:\Users\Larry\AppData\Roaming\vlc
2008-04-14 21:13 . 2008-04-14 21:14 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-04-14 21:13 . 2008-04-14 21:13 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-04-14 21:10 . 2008-04-14 23:29 <DIR> d-------- C:\Program Files\MSD
2008-04-14 21:08 . 2008-04-14 21:08 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-14 21:08 . 2008-04-14 21:08 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-14 21:08 . 2008-04-14 21:08 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-14 21:08 . 2008-04-14 21:08 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-14 21:08 . 2008-04-14 21:08 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-14 21:08 . 2008-04-14 21:08 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-14 21:08 . 2008-04-14 21:08 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-14 21:08 . 2008-04-14 21:08 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-14 21:08 . 2008-04-14 21:08 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-14 21:08 . 2008-04-14 21:08 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-14 21:07 . 2008-04-14 21:07 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-14 21:06 . 2008-04-14 21:06 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-14 21:00 . 2008-04-14 21:00 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-14 21:00 . 2008-04-14 21:00 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-14 20:23 . 2008-04-14 20:23 16 --a------ C:\Windows\System32\coh.cache
2008-04-14 20:11 . 2008-04-14 20:11 <DIR> d-------- C:\Users\All Users\IsolatedStorage
2008-04-14 20:11 . 2008-04-14 20:11 <DIR> d-------- C:\ProgramData\IsolatedStorage
2008-04-14 20:10 . 2008-04-14 20:10 <DIR> d-------- C:\Program Files\Toshiba TEMPO
2008-04-14 20:10 . 2008-04-14 20:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 20:01 . 2008-04-14 21:39 <DIR> dr------- C:\Users\Larry\Searches
2008-04-14 20:00 . 2008-04-14 20:00 <DIR> dr------- C:\Users\Larry\Contacts
2008-04-14 20:00 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-04-14 20:00 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-04-14 20:00 . 2006-12-08 12:02 251,672 --a------ C:\Windows\System32\xactengine2_5.dll
2008-04-14 20:00 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-04-14 19:59 . 2008-04-14 19:59 <DIR> d-------- C:\Users\Larry\AppData\Roaming\InstallShield
2008-04-14 19:59 . 2008-04-14 20:00 <DIR> d-------- C:\Program Files\Common Files\Toshiba Shared
2008-04-14 19:58 . 2008-04-14 19:58 <DIR> d-------- C:\Windows\System32\Lang
2008-04-14 19:58 . 2008-04-14 19:58 <DIR> d-------- C:\Windows\System32\DEU
2008-04-14 19:58 . 2007-03-13 17:49 936,728 --a------ C:\Windows\System32\imsmudlg.exe
2008-04-14 19:56 . 2008-04-14 19:56 <DIR> d-------- C:\Users\All Users\ToshibaEurope
2008-04-14 19:56 . 2008-04-14 19:56 <DIR> d-------- C:\ProgramData\ToshibaEurope
2008-04-14 19:55 . 2008-04-21 22:23 <DIR> dr------- C:\Users\Larry\Videos
2008-04-14 19:55 . 2008-04-14 23:35 <DIR> dr------- C:\Users\Larry\Saved Games
2008-04-14 19:55 . 2008-04-23 14:54 <DIR> dr------- C:\Users\Larry\Pictures
2008-04-14 19:55 . 2008-04-21 22:23 <DIR> dr------- C:\Users\Larry\Music
2008-04-14 19:55 . 2008-04-14 21:39 <DIR> dr------- C:\Users\Larry\Links
2008-04-14 19:55 . 2008-04-14 21:27 <DIR> dr------- C:\Users\Larry\Downloads
2008-04-14 19:55 . 2008-04-24 18:43 <DIR> dr------- C:\Users\Larry\Documents
2008-04-14 19:55 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Larry\AppData\Roaming\Media Center Programs
2008-04-14 19:55 . 2008-04-14 19:56 <DIR> d--h----- C:\Users\Larry\AppData

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 22:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 12:00 --------- d-----w C:\Program Files\Windows Mail
2008-04-14 20:26 174 --sha-w C:\Program Files\desktop.ini
2008-04-14 20:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-14 20:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-14 20:19 --------- d-----w C:\Program Files\Windows Journal
2008-04-14 20:19 --------- d-----w C:\Program Files\Windows Defender
2008-04-14 20:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-14 20:19 --------- d-----w C:\Program Files\Windows Calendar
2008-04-14 20:09 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-14 20:09 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-14 19:36 --------- d-----w C:\ProgramData\Symantec
2008-04-14 19:36 --------- d-----w C:\Program Files\TOSHIBA
2008-04-14 18:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 18:19 --------- d-----w C:\ProgramData\MAGIX
2008-04-14 17:59 --------- d-----w C:\ProgramData\Toshiba
2008-04-14 17:58 --------- d-----w C:\Program Files\Intel
2008-04-14 17:51 --------- d-sh--w C:\ProgramData\Vorlagen
2008-04-14 17:51 --------- d-sh--w C:\ProgramData\Startmenü
2008-04-14 17:51 --------- d-sh--w C:\ProgramData\Favoriten
2008-04-14 17:51 --------- d-sh--w C:\ProgramData\Dokumente
2008-04-14 17:51 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-04-14 17:51 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 17:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 17:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:15 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
"Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 21:42 438272]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744]
"NDSTray.exe"="NDSTray.exe" []
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-12-03 16:29 49168]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-27 06:32 898344]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 17:49 33048]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:15 3144800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-06 10:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-06 10:07 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-06 10:07 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 23:31 262401]
"HWSetup"="\HWSetup.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-04 23:31:48 2987856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2006-12-03 16:50 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.XFR1"= xfcodec.dll
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-278712575-300069541-1875696542-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EE1D4960-307B-423A-84F6-FF6B589F91F3}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{DC1AF4ED-B962-4CBF-ABAB-6B4B76F68975}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{5CD2D866-6A39-4CC5-AC0F-246BFB2F8FE7}"= UDP:C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:Teamspeak RC2
"{1D5812CF-43D7-40BD-A8FA-A8C8DE25DF7A}"= TCP:C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:Teamspeak RC2
"{7261D23B-7A94-4D31-855E-42C00FB785AF}"= UDP:E:\Spiele\Lineage II Kamael\LineageII.exe:play Lineage II
"{7181C05D-A6B8-47F7-A128-9E1BB8D93185}"= TCP:E:\Spiele\Lineage II Kamael\LineageII.exe:play Lineage II
"{B03396E9-5F46-4ADF-918B-D5D1AB8C70E3}"= UDP:C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:AntiVir PersonalEdition Classic starten
"{19721D7C-A2AF-40F3-88D1-D0727DE48A8F}"= TCP:C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:AntiVir PersonalEdition Classic starten
"TCP Query User{B17C1233-8B2C-4E4A-9B6C-C7A39248F478}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe;)C++
"UDP Query User{18A4A1FC-16FF-4A90-BC01-C052721E320B}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe;)C++
"TCP Query User{8BBC6474-15C7-42EE-A5AD-E969E5CA847E}E:\\spiele\\quake 3 arena\\quake3.exe"= UDP:E:\spiele\quake 3 arena\quake3.exe:quake3
"UDP Query User{C01BF979-E49B-4406-A112-CD3266BCA502}E:\\spiele\\quake 3 arena\\quake3.exe"= TCP:E:\spiele\quake 3 arena\quake3.exe:quake3
"TCP Query User{679FCD08-710B-4AA1-80D6-C6446B81D7F1}C:\\program files\\onlinetv 4\\onlinetv.exe"= UDP:C:\program files\onlinetv 4\onlinetv.exe:onlineTV 4
"UDP Query User{FA8A0F18-F4C0-45BD-89B3-59491BE43EA9}C:\\program files\\onlinetv 4\\onlinetv.exe"= TCP:C:\program files\onlinetv 4\onlinetv.exe:onlineTV 4
"TCP Query User{A64C0C28-3D0B-4201-8CA9-E75C0293B268}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{CDFE5258-6A7C-487C-9CEA-9ED21830F41B}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"{C484B01A-510E-48F1-AA13-3E041A20C748}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F7B1A0A7-B824-4A11-B23D-ABD00D813F55}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{57A307F4-E7A5-4937-A05B-CA0481726F8A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3FAEE21-2C19-4577-A294-3DFAA0DBEBA8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 15:01]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-03-11 01:11]
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 16:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-29 14:54]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [2007-05-26 08:55]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]
R3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2006-12-03 16:21]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 10:19]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;"C:\Program Files\Toshiba TEMPO\TempoSVC.exe" [2007-10-29 16:21]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 09:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe []
S3 USB28xxBGA;PCTV 100e/150e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-01-29 21:20]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-01-29 21:19]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 16:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85ed07a6-0c27-11dd-88b3-0013e86b80a3}]
\shell\AutoRun\command - G:\SETUP.EXE
\shell\configure\command - G:\SETUP.EXE
\shell\install\command - G:\SETUP.EXE

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 22:05:19
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\conime.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-04-27 22:07:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 20:07:21

9 Verzeichnis(se), 24,880,582,656 Bytes frei
17 Verzeichnis(se), 24,644,268,032 Bytes frei

308 --- E O F --- 2008-04-25 09:09:26

Quote

Logfile of HijackThis v1.99.1
Scan saved at 22:55:15, on 27.04.2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


28.04.2008, 08:57
Member
undoreal

Posts: 34
#2 Hello there.

Your problem doesn't sound like malware but rather like driver problems. Have you updated your sound driver?

PS: For VISTA, the new HJT version 2 absolutely must be used!
__________
Regards: Undoreal
28.04.2008, 10:31
Honorary member
Sabina

Posts: 29434
#3 Hello,

download the sound driver again.
then:
http://virus-protect.org/artikel/tools/processexplorer.html

1. Download Process Explorer
2. Start procexp.exe
3. File -> Save As... Procexp.txt
4. Procexp.txt - post it here

--------

Maybe this will help:
http://www.mce-community.de/forum/index.php?showtopic=19843&mode=linearplus
__________
Regards, Sabina

All about PC security