Slow boot, virus scanner keeps shutting itself off, PC slow

#0
19.02.2010, 22:12
Member

Posts: 39
#1 Hello,
For some time now my computer has been extremely slow. Programs keep hanging at startup (not responding). Overall, the PC responds very sluggishly to input.
Virus scanners usually abort during the scan or hang.

Here are the log files; I hope you can help me.

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3756
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

18.02.2010 20:20:42
mbam-log-2010-02-18 (20-20-42).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 133959
Laufzeit: 7 minute(s), 20 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-19 21:40:33
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOKUME~1\GREILB~1\LOKALE~1\Temp\pxtiipod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF768087E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7680BFE]

Code 8674B530 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.reloc C:\WINDOWS\system32\drivers\NDIS.sys section is executable [0x86697200, 0x32BAA, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6282360, 0x32DEFD, 0xE8000020]
? C:\DOKUME~1\GREILB~1\LOKALE~1\Temp\aujasnkj.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EEBEC8
.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EEBEB3
.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EEBEAC
.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EEBCC8
.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EEBCC1
.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00EEBEC1
.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00EEBECF
.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00EEBB2C
.text C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[368] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00EEBEBA
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 015CBEC8
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 015CBEB3
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 015CBEAC
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015CBCC8
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015CBCC1
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 015CBEC1
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 015CBECF
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 015CBB2C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 015CBEBA
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FBBEC8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FBBEB3
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FBBEAC
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FBBCC8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FBBCC1
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00FBBEC1
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FBBECF
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00FBBB2C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00FBBEBA
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D9BEC8
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D9BEB3
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D9BEAC
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D9BCC8
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D9BCC1
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00D9BEC1
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D9BECF
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00D9BB2C
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00D9BEBA
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008FBEC8
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008FBEB3
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008FBEAC
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008FBCC8
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008FBCC1
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 008FBEC1
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008FBECF
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 008FBB2C
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 008FBEBA
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AEBEC8
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AEBEB3
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AEBEAC
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AEBCC8
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AEBCC1
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00AEBEC1
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00AEBECF
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00AEBB2C
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00AEBEBA
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02FBBEC8
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02FBBEB3
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02FBBEAC
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02FBBCC8
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02FBBCC1
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 02FBBEC1
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02FBBECF
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 02FBBB2C
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 02FBBEBA
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EEBEC8
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EEBEB3
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EEBEAC
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EEBCC8
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EEBCC1
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00EEBEC1
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00EEBECF
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00EEBB2C
.text C:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00EEBEBA
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0099BEC8
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0099BEB3
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0099BEAC
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0099BCC8
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0099BCC1
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 0099BEC1
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0099BECF
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 0099BB2C
.text C:\WINDOWS\system32\HPZipm12.exe[1288] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 0099BEBA
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D8BEC8
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D8BEB3
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D8BEAC
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D8BCC8
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D8BCC1
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00D8BEC1
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D8BECF
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00D8BB2C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00D8BEBA
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 08B8BEC8
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 08B8BEB3
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 08B8BEAC
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 08B8BCC8
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 08B8BCC1
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 08B8BEC1
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 08B8BECF
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 08B8BB2C
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1304] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 08B8BEBA
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E1BEC8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E1BEB3
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E1BEAC
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E1BCC8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E1BCC1
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00E1BEC1
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E1BECF
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00E1BB2C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00E1BEBA
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011EBEC8
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 011EBEB3
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 011EBEAC
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011EBCC8
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011EBCC1
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 011EBEC1
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 011EBECF
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 011EBB2C
.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 011EBEBA
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F2BEC8
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F2BEB3
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F2BEAC
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F2BCC8
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F2BCC1
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00F2BEC1
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F2BECF
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00F2BB2C
.text C:\Programme\iTunes\iTunesHelper.exe[1888] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00F2BEBA
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0102BEC8
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0102BEB3
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0102BEAC
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0102BCC8
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0102BCC1
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 0102BEC1
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0102BECF
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 0102BB2C
.text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[2864] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 0102BEBA
? C:\WINDOWS\System32\svchost.exe[3412] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1504BEC8
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 1504BEB3
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1504BEAC
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 1504BCC8
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1504BCC1
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 1504BEC1
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1504BECF
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 1504BB2C
.text C:\WINDOWS\System32\svchost.exe[3412] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 1504BEBA
? C:\WINDOWS\System32\svchost.exe[3448] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0E24BEC8
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0E24BEB3
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0E24BEAC
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0E24BCC8
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0E24BCC1
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 0E24BEC1
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0E24BECF
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 0E24BB2C
.text C:\WINDOWS\System32\svchost.exe[3448] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 0E24BEBA
? C:\WINDOWS\System32\svchost.exe[3676] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0EF4BEC8
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0EF4BEB3
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0EF4BEAC
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0EF4BCC8
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0EF4BCC1
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 0EF4BEC1
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0EF4BECF
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 0EF4BB2C
.text C:\WINDOWS\System32\svchost.exe[3676] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 0EF4BEBA
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C0BEC8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C0BEB3
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C0BEAC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C0BCC8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C0BCC1
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00C0BEC1
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00C0BECF
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00C0BB2C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4672] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00C0BEBA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0099BEC8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0099BEB3
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0099BEAC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0099BCC8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0099BCC1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 0099BEC1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0099BECF
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 0099BB2C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4828] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 0099BEBA
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A3BEC8
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A3BEB3
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A3BEAC
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A3BCC8
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A3BCC1
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 00A3BEC1
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A3BECF
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 00A3BB2C
.text C:\WINDOWS\System32\alg.exe[4844] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 00A3BEBA
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0094BEC8
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0094BEB3
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0094BEAC
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0094BCC8
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0094BCC1
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!SearchPathW 7C80E8DC 5 Bytes JMP 0094BEC1
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0094BECF
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 0094BB2C
.text C:\WINDOWS\system32\wscntfy.exe[5220] kernel32.dll!SearchPathA 7C826A01 5 Bytes JMP 0094BEBA

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 9B8401C7
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 46E90043
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001AA
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00439B84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01AA38E8
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] AC0FE856
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] B108E808
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] F0A4E800
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001A906
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [00439B90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001D67E8
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 0001F156
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E800439B
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000022DD
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001A999
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01AB68E8
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 9B9C01C7
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [00439B9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] AB3BE856
IAT C:\WINDOWS\System32\svchost.exe[3412] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [8669E982] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\dllcache\cache\ndis.sys (size mismatch) 182656/182912 bytes executable
File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 212480/182912 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212480/182912 bytes executable

---- EOF - GMER 1.0.15 ----



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:47, on 19.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Dokumente und Einstellungen\Greilberger\Desktop\Protectus\HJT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231177889265
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V5 AdobeActiveFileMonitor5.0Alerter (AdobeActiveFileMonitor5.0Alerter) - Unknown owner - C:\\\\WINDOWS\\\\TEMP\\\\nfvoeqmbdf.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca00104fe199e) (gupdate1ca00104fe199e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6983 bytes



Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.1
Adobe Reader 8.1.0 - Deutsch
Adobe Shockwave Player 11.5
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5
Athlon 64 Processor Driver
AudioBurst FX for Winamp
AutoCAD 2010 - Deutsch
AutoCAD 2010 - Deutsch
Autodesk DWF Viewer 7
Avanquest update
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ClearProg 1.5.0 Final
Cole2k Media - Nero Audio Plugin Pack
Compatibility Pack for the 2007 Office system
CorelDRAW Graphics Suite 12
DiscAPI (Studio 10)
DivX
EVEREST Home Edition v2.20
FreePDF XP (Remove only)
Google Earth
Google Update Helper
Google Updater
Helium Music Manager 2009 (build 6910)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HP Deskjet 5900 series
HP Image Zone 5.0
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Monkey's Audio
Mp3tag v2.43
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
MusicBrainz Picard 0.11
Nero 7 Ultra Edition
NVIDIA Drivers
OmniPage SE
Picasa 3
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
QuickTime
RAPID (Studio 10)
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
SeaTools for Windows
Segoe UI
Shareaza 2.4.0.0
Sicherheitsupdate für Windows XP (KB923789)
SmartSound Quicktracks Plugin
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 4.010.00
Spybot - Search & Destroy
Studio 10
System Requirements Lab
Uniblue RegistryBooster 2010
Update für Windows XP (KB932823-v3)
VIA Plattform-Geräte-Manager
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
Winamp
Windows Internet Explorer 8
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (DEU)
WinRAR
XML Paper Specification Shared Components Language Pack 1.0

Thanks in advance for the help.
20.02.2010, 00:18
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de


Let's take a closer look at your system to see whether malware is the cause.
Please work through each step in order.
If there are problems, stop and report here as precisely as possible.
Please run everything from your admin account, not from a limited user account.

Vista and Win7 users: please run all tools via right-click: Run as administrator.


Step 1

Update Java

Your Java version is out of date. Since some malware (e.g. Vundo) gets into the system through Java exploits, first uninstall all existing Java versions via Control Panel => Add or Remove Programs (Systemsteuerung => Software) => uninstall. Restart the computer.

Now download the offline version of Java (Java SE Runtime Environment (JRE) 6 Update 18) from SUN. Once you have clicked Download, a page appears where you have to select the operating system (i.e. Windows) and tick "I agree". Then click the "Continue" button. There, download jre-6u18-windows-i586.exe and then install it; do not install any toolbars that may be offered.

Step 2

C:\Programme\Bonjour\mDNSResponder.exe

Bonjour is running on your system; Apple installs it without asking, e.g. together with iTunes or the Safari browser. Many users do not need the program at all. I found detailed information about the Bonjour program on Wikipedia, and below I describe how to uninstall the program again if that is not possible the normal way via Control Panel - Add or Remove Programs (Systemsteuerung - Software). If you do not need it, please first try to uninstall it via Control Panel => Add or Remove Programs (Systemsteuerung => Software). If that is not possible, proceed as follows:

• Start => Run (Ausführen) => type in: services.msc => OK => the "Services" ("Dienste") window opens.
Select "Bonjour Dienst" in the list and click "Stop" ("Beenden").
• Open a command prompt: Start => Run (Ausführen) => type in cmd
and change to the directory "<Systemvolume>\Programme\Bonjour",
e.g. with the command: cd "C:\Programme\Bonjour"
• Enter the following command: mDNSResponder -remove
• After that you can delete the folder C:\Programme\Bonjour.

If that does not work, go to this page, download lspfix.zip and unpack the archive to your desktop. If you do not have a zip program, you can also download LSPFix.exe and spfix.txt. Start LSPFix.exe, use the >> button to move mdnsnsp.dll to the right, since it has to go, tick "I know what i'm doing" and click "Finish". Restart the computer. It should now be possible to delete the folder C:\Programme\Bonjour\.

Step 3

Turn off TeaTimer

While the TeaTimer of Spybot Search&Destroy is running, no cleanup can be carried out, because it restores all deleted entries. The TeaTimer must therefore be turned off during the cleanup work (leave the TeaTimer switched off until we have finished the cleanup):
Start Spybot S&D => in the "Mode" ("Modus") menu select "Advanced mode" ("Erweiterter Modus") => then click "Tools" ("Werkzeuge") at the bottom left => click "Resident" => remove the tick at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.

Step 4

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop

>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you will find a box labelled Output. Please select Minimal Output
>Under Extra Registry, please select Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 log files are created
>Post the log files in code tags here in the thread.
20.02.2010, 13:43
Member

Thread starter

Posts: 39
#3 So, here are the requested OTL log files.

Code

OTL logfile created on: 20.02.2010 13:26:19 - Run 1
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Dokumente und Einstellungen\Greilberger\Desktop\Protectus
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 490,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 33,58 Gb Free Space | 60,08% Space Free | Partition Type: NTFS
Drive D: | 55,89 Gb Total Space | 11,00 Gb Free Space | 19,68% Space Free | Partition Type: NTFS
Drive E: | 298,08 Gb Total Space | 92,88 Gb Free Space | 31,16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREILPC001
Current User Name: Greilberger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\Greilberger\Desktop\Protectus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - c:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (Pinnacle Systems)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\Greilberger\Desktop\Protectus\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\sfc_os.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sfc.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (AdobeActiveFileMonitor5.0Alerter) --  File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gupdate1ca00104fe199e) Google Update Service (gupdate1ca00104fe199e) -- C:\Programme\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (PinnacleSys.MediaServer) -- c:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (Pinnacle Systems)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (MSSQL$PINNACLESYS) -- C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$PINNACLESYS) -- C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (MSICPL) -- C:\WINDOWS\system32\msicpl.dll (MSI)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (FETNDIS) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc.              )


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 2F 94 6B C3 A6 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B5 8C 51 05 C2 E2 A7 40 AB 00 E9 55 BE D8 6E 33  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010.02.20 00:03:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Greilberger\Startmenü\Programme\Autostart\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231177889265 (WUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Greilberger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Greilberger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.08 21:37:59 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.01.20 19:55:50 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.02.20 13:16:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.02.20 13:16:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.02.20 13:15:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.02.20 13:15:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.02.20 13:15:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.02.20 13:15:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.02.20 13:15:47 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.02.20 01:47:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Greilberger\Recent
[2010.02.20 01:47:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.02.19 23:53:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.02.19 23:51:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.02.18 19:51:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.02.18 19:51:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.02.18 19:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.02.18 19:18:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Greilberger\Desktop\Protectus
[2010.02.17 22:50:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup
[2010.02.17 22:50:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup
[2010.02.16 23:40:21 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.02.16 23:37:37 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.02.15 20:59:17 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF25832.exe
[2010.02.12 22:54:16 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.02.06 00:24:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.02.06 00:23:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Greilberger\Anwendungsdaten\SUPERAntiSpyware.com
[2010.02.05 21:31:14 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.02.04 21:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.02.04 21:48:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.02.04 19:49:30 | 000,134,656 | ---- | C] (Yqaphymeog) -- C:\dxayligu.exe
[2010.02.04 19:22:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Greilberger\Anwendungsdaten\Uniblue
[2010.02.04 19:03:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Greilberger\Desktop\Neuer Ordner
[2010.01.23 18:59:00 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.01.23 18:54:43 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.01.23 18:54:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2010.01.21 19:24:44 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.01.21 19:24:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2009.11.04 23:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.09.15 18:21:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.07.08 22:18:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.07.08 22:06:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.01.20 20:16:13 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2009.01.20 20:09:41 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2005.05.11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.02.20 13:24:02 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.02.20 13:24:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.20 13:23:54 | 000,191,924 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.02.20 13:23:45 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.20 13:23:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.20 13:23:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.20 13:22:29 | 010,747,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Greilberger\NTUSER.DAT
[2010.02.20 13:22:29 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Greilberger\ntuser.ini
[2010.02.20 13:15:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.02.20 13:15:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.02.20 13:15:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.02.20 13:15:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.02.20 13:15:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.02.20 00:03:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.02.20 00:03:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.02.19 02:46:07 | 1072,250,880 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.02.18 19:47:15 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.18 16:26:49 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Greilberger\Desktop\Hypo Group Alpe Adria.url
[2010.02.17 22:50:45 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\dllcache\ctfmon.exe
[2010.02.17 22:50:45 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\ctfmon.exe
[2010.02.17 00:19:17 | 000,000,357 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.02.16 23:42:42 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.02.16 23:40:19 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.02.15 20:59:09 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF25832.exe
[2010.02.15 18:57:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.12 23:10:48 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.02.08 12:32:33 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.02.06 00:04:16 | 000,385,773 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100217-002140.backup
[2010.02.05 18:59:59 | 000,000,827 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.02.05 18:59:59 | 000,000,305 | -HS- | M] () -- C:\boot.ini
[2010.02.05 18:41:55 | 002,111,722 | -H-- | M] () -- C:\Dokumente und Einstellungen\Greilberger\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.02.04 22:02:58 | 000,134,656 | ---- | M] (Yqaphymeog) -- C:\dxayligu.exe
[2010.02.04 20:13:17 | 000,461,994 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.02.04 20:13:16 | 000,480,482 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.02.04 20:13:16 | 000,093,158 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.02.04 20:13:16 | 000,079,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.02.04 20:13:15 | 001,130,882 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.02.04 20:01:32 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2010.02.04 19:52:56 | 000,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010.02.04 19:52:20 | 000,266,247 | ---- | M] () -- C:\xbxpi.exe
[2010.02.04 19:42:19 | 002,807,717 | ---- | M] () -- C:\Dokumente und Einstellungen\Greilberger\Startmenü\Programme\Autostart\updater.exe
[2010.02.04 16:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.01.31 10:21:01 | 000,282,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Greilberger\Desktop\Albert Einstein.doc
[2010.01.30 20:43:15 | 000,011,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Greilberger\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.30 20:28:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.30 20:19:48 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2010.01.29 20:25:50 | 001,269,760 | ---- | M] () -- C:\WINDOWS\System32\c_0qD_.dll
[2010.01.27 12:59:08 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.02.15 21:02:17 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.02.15 21:02:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.02.12 22:54:58 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.02.08 12:32:33 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.02.05 21:23:17 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.02.05 18:39:25 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.02.04 22:27:00 | 000,000,357 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.02.04 20:39:22 | 000,004,586 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\2A015ECB-4C69-46B1-851B-33E51FF39189.txt
[2010.02.04 20:39:20 | 000,005,422 | ---- | C] () -- C:\Dokumente und Einstellungen\Greilberger\Lokale Einstellungen\Anwendungsdaten\2A015ECB-4C69-46B1-851B-33E51FF39189.txt
[2010.02.04 19:49:33 | 000,266,247 | ---- | C] () -- C:\xbxpi.exe
[2010.02.04 19:40:08 | 002,807,717 | ---- | C] () -- C:\Dokumente und Einstellungen\Greilberger\Startmenü\Programme\Autostart\updater.exe
[2010.01.31 09:25:47 | 000,282,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Greilberger\Desktop\Albert Einstein.doc
[2010.01.29 20:25:50 | 001,269,760 | ---- | C] () -- C:\WINDOWS\System32\c_0qD_.dll
[2009.10.08 22:11:01 | 000,002,828 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2009.10.08 22:11:01 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5AEC23BED5.sys
[2009.09.29 22:30:21 | 001,286,848 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.07.03 19:35:42 | 000,000,110 | ---- | C] () -- C:\WINDOWS\asquared.ini
[2009.02.27 19:02:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009.02.27 16:20:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.02.21 21:59:51 | 000,000,443 | ---- | C] () -- C:\WINDOWS\capture.ini
[2009.02.18 00:17:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.02.12 23:48:15 | 000,011,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Greilberger\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.20 20:12:45 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2009.01.20 19:55:50 | 000,001,289 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2009.01.20 19:30:41 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2009.01.20 19:30:41 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2009.01.20 19:30:41 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2009.01.20 19:30:41 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2009.01.20 19:30:41 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2009.01.14 21:19:09 | 000,000,509 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.01.09 18:51:00 | 000,000,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Greilberger\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log
[2009.01.08 23:06:58 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.01.08 22:37:57 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Greilberger\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.01.08 22:28:30 | 000,000,848 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2009.01.08 19:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009.01.08 19:14:42 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2009.01.08 19:14:42 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2006.06.01 10:22:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.06.01 10:22:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.06.01 10:22:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.06.01 10:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.06.01 10:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.06.01 10:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.07.29 19:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005.04.27 23:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005.04.27 23:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005.03.02 12:12:14 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004.07.17 10:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 16 bytes -> D:\Shareaza Downloads:Shareaza.GUID
< End of report >


And the second one.

Code

OTL Extras logfile created on: 20.02.2010 13:26:19 - Run 1
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Dokumente und Einstellungen\Greilberger\Desktop\Protectus
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 490,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 33,58 Gb Free Space | 60,08% Space Free | Partition Type: NTFS
Drive D: | 55,89 Gb Total Space | 11,00 Gb Free Space | 19,68% Space Free | Partition Type: NTFS
Drive E: | 298,08 Gb Total Space | 92,88 Gb Free Space | 31,16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREILPC001
Current User Name: Greilberger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5031:UDP" = 5031:UDP:LocalSubNet:Enabled:AVM TAPI Services for FRITZ!Box - UDP 5031

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Pinnacle\Studio 10\programs\RM.exe" = C:\Programme\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Programme\Pinnacle\Studio 10\programs\Studio.exe" = C:\Programme\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Programme\Pinnacle\Studio 10\programs\umi.exe" = C:\Programme\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Programme\MusicBrainz Picard\picard.exe" = C:\Programme\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger -- ()
"C:\Programme\Shareaza\Shareaza.exe" = C:\Programme\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing -- (Shareaza Development Team)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch
"{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{70AB1576-7883-2313-C650-7A71270B1031}" = Nero 7 Ultra Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C9BB0122-EB81-4C55-AF0E-39B9925E08CF}}_is1" = Helium Music Manager 2009 (build 6910)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AudioBurst" = AudioBurst FX for Winamp
"AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"ClearProg" = ClearProg 1.5.0 Final
"Cole2k Media - Nero Audio Plugin Pack" = Cole2k Media - Nero Audio Plugin Pack
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"Mp3tag" = Mp3tag v2.43
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Shareaza_is1" = Shareaza 2.4.0.0
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 18.02.2010 15:30:03 | Computer Name = GREILPC001 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung GMER.exe, Version 1.0.15.15281, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 18.02.2010 17:57:46 | Computer Name = GREILPC001 | Source = ESENT | ID = 489
Description = wuauclt (7052) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 18.02.2010 17:57:46 | Computer Name = GREILPC001 | Source = ESENT | ID = 455
Description = wuaueng.dll (7052) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8)
beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 19.02.2010 16:45:55 | Computer Name = GREILPC001 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung HJT.exe, Version 2.0.0.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.02.2010 16:46:51 | Computer Name = GREILPC001 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung HJT.exe, Version 2.0.0.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.02.2010 16:47:46 | Computer Name = GREILPC001 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung HJT.exe, Version 2.0.0.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.02.2010 16:49:18 | Computer Name = GREILPC001 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.02.2010 16:52:02 | Computer Name = GREILPC001 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung HJT.exe, Version 2.0.0.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.02.2010 16:54:39 | Computer Name = GREILPC001 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 20.02.2010 08:02:22 | Computer Name = GREILPC001 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul spybotsd.exe, Version 1.6.2.46, Fehleradresse 0x00001c9f.

[ OSession Events ]
Error - 05.10.2009 16:54:43 | Computer Name = GREILPC001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 878
seconds with 840 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 20.02.2010 06:52:30 | Computer Name = GREILPC001 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GMSIPCI  MSICPL  NTACCESS  SetupNTGLM7X  sptd

Error - 20.02.2010 07:53:38 | Computer Name = GREILPC001 | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.

Error - 20.02.2010 07:53:50 | Computer Name = GREILPC001 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Sony Ericsson Device 0016 USB WMC Device Management s
(WDM)Controller" wurde mit folgendem Fehler beendet:   %%126

Error - 20.02.2010 07:54:00 | Computer Name = GREILPC001 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GMSIPCI  MSICPL  NTACCESS  SetupNTGLM7X  sptd

Error - 20.02.2010 08:07:35 | Computer Name = GREILPC001 | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.

Error - 20.02.2010 08:07:43 | Computer Name = GREILPC001 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Sony Ericsson Device 0016 USB WMC Device Management s
(WDM)Controller" wurde mit folgendem Fehler beendet:   %%126

Error - 20.02.2010 08:07:55 | Computer Name = GREILPC001 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GMSIPCI  MSICPL  NTACCESS  SetupNTGLM7X  sptd

Error - 20.02.2010 08:23:47 | Computer Name = GREILPC001 | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.

Error - 20.02.2010 08:23:54 | Computer Name = GREILPC001 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Sony Ericsson Device 0016 USB WMC Device Management s
(WDM)Controller" wurde mit folgendem Fehler beendet:   %%126

Error - 20.02.2010 08:24:00 | Computer Name = GREILPC001 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GMSIPCI  MSICPL  NTACCESS  SetupNTGLM7X  sptd


< End of report >
20.02.2010, 19:33
Moderator

Posts: 5694
#4 Well, I don't see anything malicious. Can you narrow down which programs are causing problems?

Check and repair the system partition with chkdsk

• 1. Click Start => Run
• 2. Type cmd and confirm with OK; the console opens.
On Vista:
Type cmd in the search box, hold down the CTRL+Shift keys and press Enter
- this starts the command line in admin mode.
• 3. Type there: chkdsk %systemdrive% /f /r /v and confirm with Enter.
• 4. Confirm the following prompt with j and press Enter.
• 5. Restart Windows,
a notice about a scheduled disk check should appear
- let the time run out, do not press any key!! -
• 6. Wait until the process has finished.
With large partitions it may take quite a long time.
Windows reboots automatically.
In the Event Viewer (Start => Run => eventvwr.msc (type it in) => OK) you should see an entry with the source Winlogon (possibly several) that gives you a summary of chkdsk. Look for errors or bad blocks and, if there are any, post them.



Eset Online Scanner (NOD32)
• Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
Note for Vista users: Be sure to start the browser as administrator.
• Requirement: Internet Explorer (IE) 5.0 or higher
• Tick "YES, I accept the Terms of Use"
• Start
• Install the ActiveX control
• Start
• Signatures are downloaded
• Tick "Remove found threats"
• Tick "Remove found threats" and "Scan unwanted applications"
• Scan
• End of scan
• Close the browser
• Open Explorer
• C:\Programme\EsetOnlineScanner\log.txt
• Post the log here
• Uninstall: Control Panel => Add or Remove Programs => remove Eset Online Scanner.
• fix the following entry with HJT:
• O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
20.02.2010, 22:58
Member

Thread starter

Posts: 39
#5 So, here is the log from the Eset scan

Code

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b6e5a1ce48c0444ba8ca9832bb3faffb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-20 09:52:22
# local_time=2010-02-20 10:52:22 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 4005 4005 0 0
# scanned=149732
# found=128
# cleaned=82
# scan_time=3450
C:\dxayligu.exe    Win32/Spy.Zbot.UN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\xbxpi.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\AcDelTree.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\setup.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\Msi\WindowsInstaller-KB893803-v2-x86.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\Msi\WindowsServer2003-KB942288-v4-ia64.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\Msi\WindowsServer2003-KB942288-v4-x64.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\Msi\WindowsServer2003-KB942288-v4-x86.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\Msi\WindowsXP-KB942288-v3-x86.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Common Files\Autodesk Shared\AcHelp.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Common Files\Autodesk Shared\mtstack16.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Common Files\Autodesk Shared\AcShellEx\AcLauncher.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\AcSignApply.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\addplwiz.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\AdRefMan.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\AdSubAware.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\DwgCheckStandards.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\HPSETUP.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\pc3exe.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\senddmp.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\sfxfe32.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\slidelib.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\styexe.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\styshwiz.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\LMU.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\Express\dumpshx.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Program Files\Root\Locked\acad.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Setup\AcDelTree.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Setup\Setup.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\acad\Windows\System32\AcSignOpt.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\CADManager\en-US\Program Files\Autodesk\CAD Manager Tools\AdPM.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\CADManager\en-US\Program Files\Autodesk\CAD Manager Tools\CMControl.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\CADManagerControl\en-US\CMControl.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\DirectX\DXSETUP.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFx35setup.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX30\WIC_x86_enu.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX30\XPSEPSC-x86-en-US.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\dotnetfx35langpack_x86_1028.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\dotnetfx35langpack_x86_1031.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\ComboFix\CF15291.cfxxe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Dokumente und Einstellungen\Greilberger\Desktop\Neuer Ordner\SUPERAntiSpyware.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Dokumente und Einstellungen\Greilberger\Desktop\Protectus\mbam-setup.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Dokumente und Einstellungen\Greilberger\Startmenü\Programme\Autostart\updater.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Adobe\Adobe Help Center\ahc.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe    Win32/Polip virus (deleted (after the next restart) - quarantined)    00000000000000000000000000000000    C
C:\Programme\Avanquest update\CheckLiveUpdate.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Avanquest update\LiveUpdateLauncher.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Avanquest update\RunAs.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Canon\CAL\CALMAIN.exe    Win32/Polip virus (deleted (after the next restart) - quarantined)    00000000000000000000000000000000    C
C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Canon\EOS Utility\EOS Utility.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Gemeinsame Dateien\Adobe\Updater\AdobeUpdater.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\gs\uninstgs.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\HP\Digital Imaging\bin\hpqdirec.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\HP\Digital Imaging\bin\hpqvpswp.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Internet Explorer\ExtExport.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Programme\Internet Explorer\Connection Wizard\icwconn2.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Programme\Macromedia\Dreamweaver 8\Dreamweaver.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Monkey's Audio\MAC.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\MP3Gain\mp3gain.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\MP3Gain\MP3GainGUI.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Mp3tag\Mp3tag.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\NetMeeting\conf.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Programme\Outlook Express\msimn.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Programme\Outlook Express\oemig50.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Programme\Outlook Express\wab.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Programme\QuickTime\QTTask.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\VideoLAN\VLC\vlc.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Windows Media Player\dlimport.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Windows Media Player\wmplayer.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Programme\Windows Media Player\wmsetsdk.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Windows NT\dialer.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Programme\Windows NT\Pinball\PINBALL.EXE    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\Qoobox\Quarantine\C\WINDOWS\ALCMTR.EXE.vir    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\IsUn0407.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\notepad.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\regedit.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\RtlUpd.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\SkyTel.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\SOUNDMAN.EXE    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\inf\unregmp2.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\accwiz.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\calc.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\CF25832.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\system32\cmd.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\cscript.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\freecell.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\HPZipm12.exe    Win32/Polip virus (deleted (after the next restart) - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\system32\ie4uinit.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\logon.scr    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\logonui.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\migpwd.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\system32\mobsync.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\mqtgsvc.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\mshearts.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\mshta.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\msiexec.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\mspaint.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\mstsc.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\notepad.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\nslookup.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\nvsvc32.exe    Win32/Polip virus (deleted (after the next restart) - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\system32\rasphone.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\rdpclip.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\rdshost.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\sndvol32.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\sol.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\sysocmgr.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\taskmgr.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\tourstart.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\tscupgrd.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\wiaacmgr.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\winmine.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\wscript.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\wuauclt.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\wbem\wmiadap.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\wbem\wmic.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\wbem\wmiprvse.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
D:\!Ralph\Tool's\Installation und Update Jana Server 2 2.5.0.111.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
D:\!Ralph\Tool's\MAC_406.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
D:\!Ralph\Tool's\Security\spybotsd162.exe    Win32/Polip virus (deleted - quarantined)    00000000000000000000000000000000    C
${Memory}    Win32/Polip virus    00000000000000000000000000000000    I
21.02.2010, 13:34
Moderator

Posts: 5694
#6 Where did you get: AutoCAD?

You have no choice here but to set up the whole system from scratch:

Reinstalling Windows XP

Take the computer off the network. Take your time and get everything you need in advance. You should have at hand your Windows CD, the drivers for the motherboard and the graphics card and any drivers needed for special keyboards. If they are not on your installation CD, be sure to get Service Pack 2 and Service Pack 3 beforehand, as well as an anti-virus program (freeware, e.g.: AntiVir - AVG Antivirus Free Edition - Avast4). Be sure to install SP2 and the anti-virus program before you go online for the first time with the freshly installed computer!

Here are some links that may be helpful for the reinstallation. Print out a guide so that you have it at hand if questions come up during the installation.

Windows XP installation
How do I reinstall my PC/laptop? by Affa
Illustrated guide to reinstalling by Affa as a printable PDF version
=> Best to print this guide out beforehand!
Reinstalling Windows XP Home, by Microsoft

Before you start the reinstallation, back up your personal data such as documents, pictures, bookmarks (favorites) and music to an external medium (CD, DVD or external hard drive), but do not back up any executable programs, such as files with the extensions .exe, .dll, .vbs, .bat, .com or .scr (these are renamed .exe files used as screensavers). Write down any special settings exactly. You will presumably have noted your login data and passwords ;). After formatting, everything is gone! If your computer was infected with a backdoor, a password stealer or a keylogger, please use new passwords. Once you have done all that, you can insert the Windows CD, reformat the hard drive and install Windows. When formatting, you should put your Windows on a separate partition; about 10/15 GB is enough for that. Your first stop on the net should be the Windows Update site. Run a custom search for available updates/patches, install all the patches offered and repeat this until nothing more is offered. In addition, when installing new software you should make sure to install "custom" and not to install toolbars and other "sponsor" software along with it, i.e. deselect them by removing the check mark!

Driver installation - order

1. Install Windows
2. Install chipset drivers
3. Install sound card drivers (if any)
4. Install graphics card drivers
5. Install further drivers for peripheral devices (if any)
6. Install DirectX
7. Install anti-virus program
8. Install missing Windows updates online
9. Install service packs.

If you have any more questions, feel free to ask ;)

Link list for the print version:

http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a
http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4
http://www.free-av.de/
http://free.avg.de/
http://www.avast.com/ger/avast_4_home.html
http://www.timetraveler.ch/xp.html
http://forum.hijackthis.de/showthread.php?p=65671
http://image.hijackthis.eu/anleitungen/PC.neu.aufsetzen.pdf
http://derbilk.de/malware/1_anleitungen_neuaufsetzen.php
http://support.microsoft.com/kb/896526/DE/
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=de
http://www.microsoft.com/directx
21.02.2010, 21:55
Member

Thread starter

Posts: 39
#7 Hello,

That's not good news :-(
AutoCAD has actually been running on this computer for quite a while and has not caused any problems so far. It only started recently. IE Explorer is endlessly slow, etc.

But if there really is nothing to be done, I'll have to get to work, like it or not, and reinstall the PC.

But thank you very much anyway for the help and the effort, even if in vain in this case.

Regards, Siggi
21.02.2010, 22:42
Moderator

Posts: 5694
#8 Everything points to a file infector with a backdoor:

Since your computer is infected with a so-called backdoor, read this post very carefully. A backdoor hides itself by means of a rootkit. Backdoors cause various kinds of damage in Windows and allow the attacker to take complete control of the infected system. Be aware that the attacker can "download" new malware as needed, that he can log keyboard input, that he can run programs and/or see what is happening on your screen. My urgent recommendation is therefore to format and reinstall Windows. The topic is very controversial, but many experts from the "security community" are certain that a system once infected with a backdoor cannot be regarded as trustworthy again even after cleaning, because the danger is not what we see but what we do not see.

Another danger with this kind of infection is identity theft, because this kind of malware can steal all your passwords and spy out e-mail data, bank data, card numbers etc. by logging keyboard input. Do not under any circumstances use this system for online banking, file sharing, mailing or messaging any more. No uploads or downloads, except on security sites. It is therefore a good idea to replace all passwords stored or used on this system with new passwords from a computer that is guaranteed to be clean.

Please disconnect the computer from the Internet (network and WLAN) during the reinstallation or cleaning, because if the computer is connected to the network, the attacker can modify the system further and take precautions so that a cleanup is manipulated in such a way that fixes are not carried out as intended.

You can find more in-depth information on this topic at Gehen Sie sicher ins Internet.
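The reading of the ESET log from post #5 that leads to the "file infector" conclusion in post #8, as an added example that is not part of the original thread: it groups the log lines by detection name and flags a name that sits in several operating-system binaries which the scanner could not clean. The function names, the field separator (tab or two or more spaces), the meaning of the trailing `C`/`I` flag (inferred from the log itself) and the `min_os_files` threshold are assumptions.

```python
import re
from collections import defaultdict

# Excerpt of lines copied from the ESET Online Scanner log in post #5.
SAMPLE_LOG = r"""
# scanned=149732
# found=128
# cleaned=82
C:\dxayligu.exe    Win32/Spy.Zbot.UN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Autodesk\AutoCAD_2010_English_Win_32bit_SLD\setup.exe    Win32/TrojanDownloader.Small.OUC trojan (cleaned - quarantined)    00000000000000000000000000000000    C
C:\Programme\Canon\CAL\CALMAIN.exe    Win32/Polip virus (deleted (after the next restart) - quarantined)    00000000000000000000000000000000    C
C:\Programme\Outlook Express\msimn.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\cmd.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\taskmgr.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\regedit.exe    Win32/Polip virus (unable to clean)    00000000000000000000000000000000    I
${Memory}    Win32/Polip virus    00000000000000000000000000000000    I
"""

# Assumption: fields are separated by a tab or by two or more spaces;
# paths and detection texts only ever contain single spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")
# "<name> <kind> (<action>)"; the action is optional and may contain
# nested parentheses, so it is matched greedily up to the last ")".
DETECTION = re.compile(r"^(?P<name>\S+)\s+(?P<kind>\w+)(?:\s+\((?P<action>.*)\))?$")


def parse_log(text):
    """Return (header dict, list of hit dicts) for an ESET online scan log."""
    header, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) != 4:
            continue  # not a detection line
        path, detection, _digest, flag = fields
        match = DETECTION.match(detection)
        if match:
            hits.append({"path": path, "flag": flag, **match.groupdict()})
    return header, hits


def triage(hits, min_os_files=3):
    """Summarise hits per detection name.

    Heuristic (an assumption, not an ESET rule): a detection of kind
    "virus" found in at least `min_os_files` files under \\WINDOWS\\, with
    some of them still flagged "I", looks like a file infector that has
    patched system binaries rather than a single dropped file.
    """
    groups = defaultdict(list)
    for hit in hits:
        groups[hit["name"]].append(hit)

    report = {}
    for name, group in groups.items():
        remaining = [h["path"] for h in group if h["flag"] == "I"]
        os_files = [h for h in group if "\\windows\\" in h["path"].lower()]
        os_unclean = [h for h in os_files if h["flag"] == "I"]
        report[name] = {
            "files": len(group),
            "remaining": remaining,
            "in_memory": any(h["path"] == "${Memory}" for h in group),
            "file_infector_pattern": (
                group[0]["kind"] == "virus"
                and len(os_files) >= min_os_files
                and bool(os_unclean)
            ),
        }
    return report


if __name__ == "__main__":
    header, hits = parse_log(SAMPLE_LOG)
    print("found/cleaned:", header.get("found"), "/", header.get("cleaned"))
    for name, info in triage(hits).items():
        print(name, info["files"], "file(s),", len(info["remaining"]),
              "not cleaned, file infector pattern:", info["file_infector_pattern"])
```
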
21.02.2010, 23:12
Member

Thread starter

Posts: 39
#9 I will follow your advice and reinstall the computer.
Thanks again for your advice and help.

Regards, Siggi
21.02.2010, 23:16
Moderator

Posts: 5694
#10 You're welcome ;)
22.02.2010, 13:39
Member

Thread starter

Posts: 39
#11 One more question,

since I have to reinstall the computer anyway, does it make sense to install Windows twice on different partitions? One for surfing and one for working?

Or are there freeware tools with which I can take an image of my new system (incl. Windows) that I can then simply restore with all programs when needed? An installation with all programs in one go, so to speak.

Regards, Siggi
22.02.2010, 18:08
Moderator

Posts: 5694
#12 No, just create two user accounts. One with admin rights. You only need this one for installations and settings. And the other with restricted rights for surfing ;)
22.02.2010, 19:28
Member

Thread starter

Posts: 39
#13 OK, thanks.

I'll now laboriously set the computer up again.

Regards, Siggi