Task Manager gone, regedit locked by admin?! - HiJackThis

Thread is closed!
31.10.2010, 15:12
Member

Thread starter

Posts: 36
#16 I carried out everything according to the instructions - then an error from ComboFix appeared. It said "WARNUNG! Nicht manuell herunterfahren" etc. You will know that one, but this time underneath it said
""2." konnte nicht ausgeführt werden, da ein syntaktischer Fehler vorliegt."
Then nothing more happened. Absolutely nothing.. and yes, I waited a long time.. but it became pointless and I restarted manually via Ctrl+Alt+Del.

Here is the log file after this restart:

ComboFix 10-10-30.05 - ALLE 31.10.2010 14:29:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.1022.409 [GMT 1:00]
ausgeführt von:: c:\users\ALLE\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\ALLE\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Avira AntiVir PersonalEdition *disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\drivers\pjnhvnv.sys"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_dvpni


((((((((((((((((((((((( Dateien erstellt von 2010-09-28 bis 2010-10-31 ))))))))))))))))))))))))))))))
.

2010-10-31 13:41 . 2010-10-31 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-30 07:51 . 2010-10-30 07:52 -------- d-----w- c:\users\ALLE\AppData\Roaming\GlarySoft
2010-10-30 07:51 . 2010-10-30 07:51 -------- d-----w- c:\program files\Absolute Uninstaller
2010-10-29 11:15 . 2010-10-31 13:59 -------- d-----w- c:\users\ALLE\AppData\Local\temp
2010-10-29 10:46 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFAF0AF5-C469-474E-B372-7F274DE85AA9}\mpengine.dll
2010-10-27 18:58 . 2010-10-27 18:58 -------- d-----w- C:\_OTL
2010-10-27 11:15 . 2010-10-27 11:15 -------- d-----w- c:\users\ALLE\AppData\Roaming\Malwarebytes
2010-10-27 11:15 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 11:15 . 2010-10-27 11:15 -------- d-----w- c:\programdata\Malwarebytes
2010-10-27 11:15 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 11:15 . 2010-10-27 11:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 10:43 . 2010-10-26 10:43 -------- d-----w- c:\program files\Avira
2010-10-26 10:43 . 2007-09-07 10:05 62016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-25 14:28 . 2010-10-25 14:28 -------- d-----w- c:\users\ALLE\AppData\Local\SKIDROW
2010-10-25 13:47 . 2010-10-25 13:47 -------- d-----w- c:\users\ALLE\AppData\Local\My Games
2010-10-25 13:21 . 2010-10-30 11:34 -------- d-----w- c:\program files\Sid Meier's Civilization V
2010-10-25 11:06 . 2010-10-25 11:06 -------- d-----w- c:\programdata\WindowsSearch
2010-10-20 22:12 . 2010-10-20 22:12 -------- d-----w- c:\windows\system32\EventProviders
2010-10-20 11:57 . 2010-10-20 11:57 -------- d-----w- c:\program files\Common Files\Java
2010-10-20 11:56 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-20 11:56 . 2010-04-12 15:29 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-15 12:44 . 2010-10-15 12:44 -------- d-----w- c:\program files\Buka
2010-10-14 16:14 . 1997-08-27 16:17 6553 ----a-w- c:\program files\Microsoft Games\Age of Empires\SP.exe
2010-10-13 12:16 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 12:16 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 12:15 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 12:15 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 12:15 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 12:15 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 12:15 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 12:15 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 12:15 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 12:15 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-03 13:36 . 2010-10-21 19:46 -------- d-----w- c:\users\ALLE\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2010-10-02 14:08 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-05-12 19:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 13:32 . 2010-09-15 13:31 126464 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-03 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\ALLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-13 691696]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-10 20968]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {26459BC1-F3E4-4126-9280-7428C45F3BF7} = 213.191.92.82 213.191.74.11
FF - ProfilePath - c:\users\ALLE\AppData\Roaming\Mozilla\Firefox\Profiles\xu4g2hc1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4292998420-3711059969-3473743363-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-31 15:02:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-10-31 14:02
ComboFix2.txt 2010-10-29 11:15

Vor Suchlauf: 15 Verzeichnis(se), 236.079.587.328 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 235.744.149.504 Bytes frei

- - End Of File - - 25A099BF54677D20E91998665224C2F5
31.10.2010, 16:41
Member

Posts: 420
#17 Yes, that has been happening more often with ComboFix lately.

1. Panda ActiveScan2.0
http://www.pandasecurity.com/homeusers/solutions/activescan/

Click on Scan your PC now
Select Schneller Scan (quick scan), click on Jetzt scannen (scan now) and follow the instructions.
At the end of the scan a results page is displayed; at the top right you can save the results to a text file (Export In: ). Please post the contents of the file.

2. Please run a full scan with AntiVir.

3. Control scan with OTL: Please start OTL, click on Quick Scan and post the OTL.txt (Extras.txt is not needed this time).

4. How is the computer doing?
31.10.2010, 21:06
Member

Thread starter

Posts: 36
#18 Panda Active:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-10-31 21:03:42
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 7.0.0.2 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@fastclick[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@mediaplex[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@bs.serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@adtech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@advertising[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@bluestreak[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@adviva[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@adviva[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\low\alle@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\alle\appdata\roaming\microsoft\windows\cookies\alle@atwola[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Re 4. - the PC is only minimally faster, hardly any difference.. it takes a long time to load. Once it has, so to speak, gotten used to a screen, then everything is fine, but it has to do that first, I hope you understand what I mean ^^

I can only do 2. + 3. tomorrow afternoon.
01.11.2010, 16:37
Member

Thread starter

Posts: 36
#19 So.. AntiVir detected ComboFix as a faulty file. Otherwise 1 suspicious (ComboFix), 2 files that could not be scanned, and 3 warnings.
It doesn't show me any of these - I can only open the log file, which I have saved for now in case I should post it.
Otherwise everything clean in the 384911 files (wherever that many come from..)

Here is the OTL.Txt:

OTL logfile created on: 01.11.2010 16:31:14 - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\ALLE\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 396,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 222,88 Gb Free Space | 47,85% Space Free | Partition Type: NTFS

Computer Name: ALLE-PC | User Name: ALLE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.10.27 12:17:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ALLE\Desktop\OTL.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.06.03 19:41:32 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.05.22 12:56:26 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.13 10:19:27 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.11 08:40:26 | 000,214,056 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007.08.31 11:25:13 | 000,249,896 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007.08.28 12:16:15 | 000,063,016 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.10.27 12:17:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ALLE\Desktop\OTL.exe
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010.07.20 13:33:29 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 08:40:26 | 000,214,056 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007.08.28 12:16:15 | 000,063,016 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ALLE\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.05.13 10:29:07 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.04.03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.03.10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009.10.07 09:47:55 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2007.09.17 10:24:55 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007.09.07 11:05:12 | 000,062,016 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2007.03.01 09:34:30 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.02.27 14:25:04 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.10.10 15:06:26 | 000,062,720 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003.10.10 14:06:24 | 000,052,128 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 11:30:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.20 12:56:44 | 000,000,000 | ---D | M]

[2010.05.12 12:51:17 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\mozilla\Extensions
[2010.08.13 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\mozilla\Firefox\Profiles\xu4g2hc1.default\extensions
[2010.08.13 11:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALLE\AppData\Roaming\mozilla\Firefox\Profiles\xu4g2hc1.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}-trash
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\ALLE\AppData\Roaming\Mozilla\FireFox\Profiles\xu4g2hc1.default\searchplugins\conduit.xml
[2010.08.13 08:26:53 | 000,003,915 | ---- | M] () -- C:\Users\ALLE\AppData\Roaming\Mozilla\FireFox\Profiles\xu4g2hc1.default\searchplugins\sweetim.xml
[2010.10.30 12:11:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 16:52:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.20 12:56:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.22 12:56:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.05.22 12:56:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.05.22 12:56:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.05.22 12:56:32 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.05.22 12:56:32 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.31 14:58:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\ALLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ALLE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ALLE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.31 20:59:08 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.10.31 20:58:43 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.10.31 14:58:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.10.31 14:41:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.10.31 14:24:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.10.30 08:51:33 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Roaming\GlarySoft
[2010.10.30 08:51:32 | 000,000,000 | ---D | C] -- C:\Programme\Absolute Uninstaller
[2010.10.29 12:15:45 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Local\temp
[2010.10.29 11:58:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.10.29 11:58:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.10.29 11:58:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.10.29 11:58:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.29 11:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.27 19:58:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.27 19:57:10 | 000,472,064 | ---- | C] ( ) -- C:\Users\ALLE\Desktop\RootRepeal.exe
[2010.10.27 12:17:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\ALLE\Desktop\OTL.exe
[2010.10.27 12:15:55 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Roaming\Malwarebytes
[2010.10.27 12:15:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.27 12:15:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.27 12:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.27 12:15:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.26 11:43:51 | 000,062,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.26 11:43:51 | 000,028,352 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.10.26 11:43:51 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.25 15:28:41 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Local\SKIDROW
[2010.10.25 14:47:40 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Local\My Games
[2010.10.25 14:47:27 | 000,000,000 | ---D | C] -- C:\Users\ALLE\Documents\My Games
[2010.10.25 14:21:44 | 000,000,000 | ---D | C] -- C:\Programme\Sid Meier's Civilization V
[2010.10.25 12:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.10.20 23:12:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.10.20 12:57:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.10.20 12:54:21 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.10.15 13:44:32 | 000,000,000 | ---D | C] -- C:\Programme\Buka
[2010.10.03 14:36:43 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien

========== Files - Modified Within 30 Days ==========

[2010.11.01 16:30:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.01 16:30:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.01 11:27:28 | 000,621,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.01 11:27:28 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.01 11:27:28 | 000,123,460 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.01 11:27:28 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.01 11:22:19 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.01 11:22:18 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.01 11:21:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.01 11:21:56 | 1072,160,768 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.31 20:58:28 | 000,178,640 | ---- | M] () -- C:\Users\ALLE\Desktop\activescan2_de.exe
[2010.10.31 14:58:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.31 14:24:50 | 003,896,613 | R--- | M] () -- C:\Users\ALLE\Desktop\ComboFix.exe
[2010.10.31 10:34:25 | 000,085,504 | ---- | M] () -- C:\Windows\MBR.exe
[2010.10.30 08:51:35 | 000,000,143 | ---- | M] () -- C:\Users\ALLE\Desktop\Glary Utilities Freeware.url
[2010.10.30 08:51:34 | 000,000,827 | ---- | M] () -- C:\Users\ALLE\Desktop\Absolute Uninstaller.lnk
[2010.10.29 17:49:15 | 000,032,256 | ---- | M] () -- C:\Users\ALLE\Desktop\Info-Blatt.doc
[2010.10.29 12:19:13 | 000,001,017 | ---- | M] () -- C:\Users\ALLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.10.27 20:05:51 | 000,000,000 | ---- | M] () -- C:\Users\ALLE\Desktop\settings.dat
[2010.10.27 12:17:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ALLE\Desktop\OTL.exe
[2010.10.27 12:15:45 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 14:37:24 | 000,007,168 | ---- | M] () -- C:\Users\ALLE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.25 11:15:18 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.10.13 16:11:50 | 000,333,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.03 14:57:19 | 000,000,035 | ---- | M] () -- C:\Windows\WorldBuilder.INI

========== Files Created - No Company Name ==========

[2010.10.31 20:58:23 | 000,178,640 | ---- | C] () -- C:\Users\ALLE\Desktop\activescan2_de.exe
[2010.10.30 08:51:35 | 000,000,143 | ---- | C] () -- C:\Users\ALLE\Desktop\Glary Utilities Freeware.url
[2010.10.30 08:51:34 | 000,000,827 | ---- | C] () -- C:\Users\ALLE\Desktop\Absolute Uninstaller.lnk
[2010.10.29 17:49:14 | 000,032,256 | ---- | C] () -- C:\Users\ALLE\Desktop\Info-Blatt.doc
[2010.10.29 12:19:13 | 000,001,017 | ---- | C] () -- C:\Users\ALLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.10.29 11:58:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.10.29 11:58:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.10.29 11:58:27 | 000,085,504 | ---- | C] () -- C:\Windows\MBR.exe
[2010.10.29 11:58:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.10.29 11:58:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.10.29 11:51:17 | 003,896,613 | R--- | C] () -- C:\Users\ALLE\Desktop\ComboFix.exe
[2010.10.27 20:05:51 | 000,000,000 | ---- | C] () -- C:\Users\ALLE\Desktop\settings.dat
[2010.10.27 12:15:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 11:15:18 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.10.03 16:46:25 | 000,007,168 | ---- | C] () -- C:\Users\ALLE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.03 14:57:19 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2010.09.22 18:13:13 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.09.13 19:18:51 | 000,000,296 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.08.18 18:42:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.07.16 12:52:52 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.05.13 13:03:54 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.13 13:03:50 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.12 13:23:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.07.16 12:38:47 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\Atari
[2010.06.21 17:27:23 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\Big Fish Games
[2010.05.13 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\DAEMON Tools Lite
[2010.10.30 08:52:21 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\GlarySoft
[2010.05.27 15:33:00 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\gtk-2.0
[2010.10.31 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\ICQ
[2010.07.16 12:47:57 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\Leadertech
[2010.10.21 20:46:16 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.05.12 14:01:26 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\OpenOffice.org
[2010.07.05 19:29:10 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\ProtectDISC
[2010.05.12 13:13:21 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\TuneUp Software
[2010.08.13 09:08:42 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\XnView
[2010.10.31 21:06:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
04.11.2010, 10:45
Member

Thread starter

Posts: 36
#20 Hello? Is anyone still there who can help me?
07.11.2010, 19:44
Member

Thread starter

Posts: 36
#21 Since I ran the programs, my device driver software is now no longer installed either. Should I do that again?


And... why is nobody here anymore???
09.11.2010, 09:36
Member

Thread starter

Posts: 36
#22 For the past 2 days my tower (I guess the hard drive itself) has been starting to rattle very strangely.
Also, the PC keeps working even when no program is running at all. It rattles and rattles and rattles.....