Win32:CTX not detected!

This thread, "Win32:CTX not detected!", in the forum "Viruses, Trojans, Spyware etc." was created by zauberbarni on 23 Apr 2010.


  1. Hello,
    I have Windows 7 Ultimate (Build 7600) and caught the Win32:CTX virus yesterday. At least that is what I strongly suspect after a bit of research; the virus was detected neither by Avira, nor by avast, nor by Kaspersky!!!


    The following files were in the directory C:\Users\...\AppData\Local\Temp:

    Ctw.exe
    Ctx.exe
    sshnas21.dll


    Two new commands were enabled in autostart:

    Startup item: Canaveral
    Command: rundll32.exe C:\Users\...\AppData\Local\Temp\sshnas21.dll,BackupReadW

    Startup item: YVIBBBHA8C
    Command: C:\Users\...\AppData\Local\Temp\Ctx.exe


    At first IE kept opening on its own. New windows over and over, though they could be closed. I was able to delete sshnas21.dll, but Ctw.exe and Ctx.exe only in safe mode. The autostart entries no longer re-enable themselves automatically either. Now I can open windows and programs, but after a while hardly any functions can be carried out. I was still able to run HijackThis, though.
    By the way, I normally only have Avira running. I then disabled it, tried avast, then disabled avast, tried Kaspersky.

    What can I do? Is a reinstall really the only option left?

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:30:39, on 23.4.10
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avast5\AvastUI.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ActiveSMART 2.8\ActiveSMART.exe
    C:\Program Files\Opera10usb\OperaUSB.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O4 - HKLM\..\Run: [avast5] C:\Program Files\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User->NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User->NETZWERKDIENST')
    O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
    O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
    O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra->Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O13 - Gopher Prefix: 
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: ???-?,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: ActiveSMART Service - Ariolic Software, Ltd. (http://www.ariolic.com) - C:\Program Files\ActiveSMART 2.8\ASmartService.exe
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe
    O23 - Service: dlcc_device - Unknown owner - C:\Windows\system32\dlcccoms.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v10\System\VC10SecS.exe
    
    --
    End of file - 7655 bytes
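
The two startup entries listed in the post above, run through a small triage script next to two ordinary `O4` lines from the same HijackThis log. This is an added example, not part of the original thread; the two heuristics (target in a Temp directory, DLL under a user profile started through rundll32) and all function names are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Target(NamedTuple):
    path: str               # file that is actually loaded at logon
    loader: Optional[str]   # "rundll32" when a DLL is started through it
    export: Optional[str]   # DLL export named on the rundll32 command line


# Program part of a command line: quoted, or an unquoted path (which may
# contain spaces) ending in an executable extension.
_EXE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))\s*(.*)$', re.I)
# rundll32 argument: <dll path>,<export> [arguments]
_DLL_ARG = re.compile(r'^"?([^",]+)"?\s*,\s*([^\s,]+)')
# HijackThis autostart line: O4 - <hive>\..\<key>: [<name>] <command>
_O4 = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')


def autostart_target(command: str) -> Target:
    """Return the file an autostart command really loads.

    For rundll32 that is the DLL named in the argument, not rundll32.exe.
    """
    if not command.strip():
        return Target("", None, None)
    m = _EXE.match(command)
    if m:
        program, rest = (m.group(1) or m.group(2)), m.group(3)
    else:  # no recognisable extension: fall back to the first token
        parts = command.strip().split(None, 1)
        program, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    base = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if base in ("rundll32.exe", "rundll32"):
        d = _DLL_ARG.match(rest.strip())
        if d:
            return Target(d.group(1).strip(), "rundll32", d.group(2))
    return Target(program, None, None)


def risk_reasons(command: str) -> List[str]:
    """Heuristic reasons (assumed for this example) to review an entry by hand."""
    t = autostart_target(command)
    p = t.path.lower().replace("/", "\\")
    reasons = []
    if "\\temp\\" in p:
        reasons.append("target is in a Temp directory")
    if t.loader == "rundll32" and ("\\users\\" in p or "\\appdata\\" in p):
        reasons.append("DLL under a user profile started through rundll32")
    return reasons


def parse_o4(line: str) -> Optional[Tuple[str, str]]:
    """Extract (entry name, command) from a HijackThis O4 line, else None."""
    m = _O4.match(line.strip())
    return (m.group("name"), m.group("cmd")) if m else None


def triage(entries: List[Tuple[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, loaded file, reasons) for every entry that gets flagged."""
    flagged = []
    for name, command in entries:
        reasons = risk_reasons(command)
        if reasons:
            flagged.append((name, autostart_target(command).path, reasons))
    return flagged


# The two startup items exactly as quoted in the post (user name elided there).
POST_STARTUP_ITEMS = [
    ("Canaveral",
     r"rundll32.exe C:\Users\...\AppData\Local\Temp\sshnas21.dll,BackupReadW"),
    ("YVIBBBHA8C", r"C:\Users\...\AppData\Local\Temp\Ctx.exe"),
]
# Two O4 lines copied from the HijackThis log in the same post, for contrast.
POST_O4_LINES = [
    r"O4 - HKLM\..\Run: [avast5] C:\Program Files\Avast5\avastUI.exe /nogui",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar"
    r"\Sidebar.exe /autoRun (User->LOKALER DIENST')",
]


def all_entries() -> List[Tuple[str, str]]:
    parsed = [parse_o4(line) for line in POST_O4_LINES]
    return POST_STARTUP_ITEMS + [e for e in parsed if e is not None]


if __name__ == "__main__":
    for name, path, reasons in triage(all_entries()):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```
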
    
     
  2. I ran both programs in safe mode.

    What's the best way to post something like this? Even with the first file I get the message: Post has reached the max. length (20000 characters).

    Here is part 1 of OTL.txt
    Code:
    OTL logfile created on: 24.4.10 12:52:54 - Run 1
    OTL by OldTimer - Version 3.2.2.0   Folder = C:\Users\barni\Desktop
     Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yy
     
    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 50,10 Gb Total Space | 8,72 Gb Free Space | 17,40% Space Free | Partition Type: NTFS
    Drive D: | 182,78 Gb Total Space | 14,84 Gb Free Space | 8,12% Space Free | Partition Type: NTFS
    Drive E: | 203,69 Gb Total Space | 32,12 Gb Free Space | 15,77% Space Free | Partition Type: FAT32
    Drive F: | 30,01 Gb Total Space | 22,52 Gb Free Space | 75,06% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive L: | 465,75 Gb Total Space | 26,49 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
    Drive M: | 465,75 Gb Total Space | 2,87 Gb Free Space | 0,62% Space Free | Partition Type: NTFS
    Drive N: | 465,75 Gb Total Space | 219,27 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
    Drive O: | 931,51 Gb Total Space | 137,83 Gb Free Space | 14,80% Space Free | Partition Type: NTFS
    Drive P: | 931,51 Gb Total Space | 4,39 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
     
    Computer Name: BARNI-PC
    Current User Name: barni
    Logged in as Administrator.
     
    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\barni\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
    PRC - C:\Programme\Opera\opera.exe (Opera Software)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\barni\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (avast! Web Scanner) -- C:\Program Files\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
    SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
    SRV - (VC10SecS) -- C:\Programme\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
    SRV - (ActiveSMART Service) -- C:\Programme\ActiveSMART 2.8\ASmartService.exe (Ariolic Software, Ltd. (http://www.ariolic.com))
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
    SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
    SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
    SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
    SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
    SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
    SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
    SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
    SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
    SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
    SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
    SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
    SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
    SRV - (AcronisOSSReinstallSvc) -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
    SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
    SRV - (dlcc_device) -- C:\Windows\System32\dlcccoms.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
    DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
    DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
    DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
    DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
    DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
    DRV - (vdrv1000) -- C:\Windows\System32\drivers\vdrv1000.sys (H+H Software GmbH)
    DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
    DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
    DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
    DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
    DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
    DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
    DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
    DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
    DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
    DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
    DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
    DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
    DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
    DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
    DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
    DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
    DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
    DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
    DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
    DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
    DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
    DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
    DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
    DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
    DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
    DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
    DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
    DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
    DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
    DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
    DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
    DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
    DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
    DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
    DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
    DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
    DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
    DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
    DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
    DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
    DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
    DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
    DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
    DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
    DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
    DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
    DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
    DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
    DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
    DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
    DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH)
    DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
    DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
    DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
    DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
    DRV - (VD_FileDisk) -- C:\Windows\System32\drivers\vd_filedisk.sys (Flint Incorporation)
    DRV - (ECS_Loader_220) -- C:\Windows\System32\drivers\ECS_Loader_220.sys (WideView Technology Inc.)
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
    DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
    DRV - (ROB_V) -- C:\Windows\System32\drivers\rob_v.sys (Pinnacle Systems GmbH)
    DRV - (ROB_A) -- C:\Windows\System32\drivers\rob_a.sys (Pinnacle Systems GmbH)
     
     
    
     
  3. Part 2 of OTL.txt
    Code:
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 0D F4 C2 29 E2 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.14 09:38:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.27 18:24:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.23 07:56:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.02.27 18:24:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.04.23 07:55:21 | 000,000,000 | ---D | M]
     
    [2010.04.23 07:56:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
    [2010.04.23 07:56:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2010.02.27 18:36:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
    [2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Avast5\avastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm ()
    O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm ()
    O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra->Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (⫵佦ᘴ-퉨) - File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010.01.03 18:04:02 | 000,000,000 | ---D | M] - L:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2006.11.03 13:58:30 | 000,000,038 | -H-- | M] () - L:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010.01.03 18:03:52 | 000,000,000 | RH-D | M] - M:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002.10.17 10:56:50 | 000,000,036 | RH-- | M] () - M:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010.02.28 12:35:35 | 000,000,000 | RH-D | M] - N:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002.10.17 10:56:50 | 000,000,036 | RH-- | M] () - N:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2008.07.03 22:47:27 | 000,011,381 | ---- | M] () - N:\autosave.win.bak -- [ NTFS ]
    O32 - AutoRun File - [2010.02.28 12:35:36 | 000,000,000 | RH-D | M] - O:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002.10.17 10:56:50 | 000,000,036 | RH-- | M] () - O:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009.07.16 23:37:41 | 000,000,062 | ---- | M] () - P:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- %1 %*
    O35 - HKLM\..exefile [open] -- %1 %*
    O37 - HKLM\...com [@ = comfile] -- %1 %*
    O37 - HKLM\...exe [@ = exefile] -- %1 %*
     
    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
     
    [2010.04.23 17:30:05 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
    [2010.04.23 07:54:56 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
    [2010.04.23 07:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2010.04.23 07:54:26 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2010.04.23 07:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2010.04.22 18:44:24 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010.04.22 18:44:23 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010.04.22 18:44:22 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010.04.22 18:44:20 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010.04.22 18:44:17 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010.04.22 18:43:39 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
    [2010.04.22 18:43:39 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
    [2010.04.22 18:43:35 | 000,000,000 | ---D | C] -- C:\Programme\Avast5
    [2010.04.22 18:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010.04.22 18:16:53 | 000,000,000 | ---D | C] -- C:\Programme\iGrafx
    [2010.04.22 18:12:17 | 000,000,000 | ---D | C] -- C:\iGrafx2009
    [2010.04.22 18:12:17 | 000,000,000 | ---D | C] -- \iGrafx2009
    [2010.04.19 19:30:56 | 000,000,000 | ---D | C] -- C:\Programme\pcwEmptyFolder
    [2010.04.18 17:10:00 | 000,000,000 | ---D | C] -- C:\Programme\TVAnts
    [2010.04.18 13:36:25 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
    [2010.04.17 14:58:11 | 000,000,000 | ---D | C] -- C:\Programme\BilderHerunterlader
    [2010.04.15 07:43:28 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010.04.15 07:43:27 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010.04.15 07:43:26 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2010.04.10 15:36:13 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
    [2010.04.05 10:07:01 | 000,000,000 | ---D | C] -- C:\Programme\RAR Password Recovery Magic
    [2010.04.04 20:56:25 | 000,000,000 | R--D | C] -- C:\Programme\Skype
    [2010.04.04 20:56:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
    [2010.04.04 20:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010.03.31 10:53:04 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010.03.31 10:53:03 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010.03.31 10:53:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
     
    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
     
    [2010.04.24 12:45:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.04.24 12:45:15 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
    [2010.04.24 12:44:03 | 003,932,160 | -HS- | M] () -- C:\Users\barni\NTUSER.DAT
    [2010.04.24 12:31:36 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.04.24 12:31:36 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010.04.24 12:31:24 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010.04.24 12:31:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.04.23 17:35:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.04.23 17:35:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.04.23 07:55:55 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
    [2010.04.23 07:55:55 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
    [2010.04.23 07:54:26 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2010.04.22 23:16:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3912725596-1158882458-684769505-1002UA.job
    [2010.04.22 22:34:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.04.22 20:06:05 | 002,266,276 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.04.22 20:06:05 | 000,666,534 | ---- | M] () -- C:\Windows\System32\perfh019.dat
    [2010.04.22 20:06:05 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010.04.22 20:06:05 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.04.22 20:06:05 | 000,128,694 | ---- | M] () -- C:\Windows\System32\perfc019.dat
    [2010.04.22 20:06:05 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010.04.22 20:06:05 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.04.22 18:44:24 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010.04.22 18:44:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010.04.22 16:16:01 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3912725596-1158882458-684769505-1002Core.job
    [2010.04.22 15:31:46 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
    [2010.04.22 15:28:41 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
    [2010.04.16 12:35:29 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
    [2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
    [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010.04.14 18:31:23 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010.04.04 21:00:53 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
    [2010.04.04 20:56:26 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
     
    
     
  4. Part 3 of OTL.txt
    Code:
    [color=#E56717]========== Files Created - No Company Name ==========[/color]
     
    [2010.04.23 07:55:55 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
    [2010.04.23 07:55:55 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
    [2010.04.22 18:44:24 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010.04.22 16:18:36 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010.04.22 16:18:30 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010.04.22 15:28:41 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010.04.16 12:35:28 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010.04.04 21:00:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010.04.04 20:56:26 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2010.02.09 16:16:30 | 000,128,272 | R--- | C] () -- C:\Windows\System32\Lfkodak.dll
    [2010.02.09 16:15:54 | 000,344,336 | R--- | C] () -- C:\Windows\System32\Lffpx7.dll
    [2009.12.14 14:23:26 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2009.12.14 14:23:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2009.11.23 13:08:52 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
    [2009.10.23 15:56:50 | 000,015,360 | R--- | C] () -- C:\Windows\System32\ibfs32.dll
    [2009.10.22 17:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2009.10.20 14:40:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2009.10.15 00:43:57 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009.10.14 21:49:02 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009.10.14 21:49:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009.10.14 16:00:16 | 000,000,330 | ---- | C] () -- C:\Windows\ULEAD32.INI
    [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009.04.14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
    [2008.05.04 18:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
    [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2005.07.22 21:47:20 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlccinsb.dll
    [2005.07.22 21:47:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcccub.dll
    [2005.07.22 21:47:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcccu.dll
    [2005.07.22 21:47:06 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlccins.dll
    [2005.07.22 21:45:22 | 000,430,080 | ---- | C] () -- C:\Windows\System32\dlccutil.dll
    [2005.06.29 10:41:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dlccinsr.dll
    [2005.06.29 10:41:10 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcccur.dll
    [2005.06.29 10:40:58 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlccjswr.dll
    [2005.06.21 22:27:56 | 000,638,976 | ---- | C] () -- C:\Windows\System32\dlccpmui.dll
    [2005.06.21 22:27:02 | 001,183,744 | ---- | C] () -- C:\Windows\System32\dlccserv.dll
    [2005.06.21 22:22:06 | 000,483,328 | ---- | C] () -- C:\Windows\System32\dlcclmpm.dll
    [2005.06.21 22:21:40 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlcccomm.dll
    [2005.06.21 22:19:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlccpplc.dll
    [2005.06.21 22:18:58 | 000,704,512 | ---- | C] () -- C:\Windows\System32\dlcccomc.dll
    [2005.06.21 22:18:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlccprox.dll
    [2005.06.21 22:12:48 | 001,134,592 | ---- | C] () -- C:\Windows\System32\dlccusb1.dll
    [2005.06.21 22:09:22 | 000,770,048 | ---- | C] () -- C:\Windows\System32\dlcchbn3.dll
    [2005.06.06 17:58:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcccfg.dll
    [2005.03.30 17:19:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlccvs.dll
    [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
    < End of report >
    
     
  5. Post it in parts, the way you started. It's annoying, I know, but unfortunately there's no other way.
     
  6. Part 1 of Extras.Txt
    Code:
    OTL Extras logfile created on: 24.4.10 12:52:54 - Run 1
    OTL by OldTimer - Version 3.2.2.0   Folder = C:\Users\barni\Desktop
     Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yy
     
    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 50,10 Gb Total Space | 8,72 Gb Free Space | 17,40% Space Free | Partition Type: NTFS
    Drive D: | 182,78 Gb Total Space | 14,84 Gb Free Space | 8,12% Space Free | Partition Type: NTFS
    Drive E: | 203,69 Gb Total Space | 32,12 Gb Free Space | 15,77% Space Free | Partition Type: FAT32
    Drive F: | 30,01 Gb Total Space | 22,52 Gb Free Space | 75,06% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive L: | 465,75 Gb Total Space | 26,49 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
    Drive M: | 465,75 Gb Total Space | 2,87 Gb Free Space | 0,62% Space Free | Partition Type: NTFS
    Drive N: | 465,75 Gb Total Space | 219,27 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
    Drive O: | 931,51 Gb Total Space | 137,83 Gb Free Space | 14,80% Space Free | Partition Type: NTFS
    Drive P: | 931,51 Gb Total Space | 4,39 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
     
    Computer Name: BARNI-PC
    Current User Name: barni
    Logged in as Administrator.
     
    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    [color=#E56717]========== Extra Registry (SafeList) ==========[/color]
     
     
    [color=#E56717]========== File Associations ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    [color=#E56717]========== Shell Spawning ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- %1 %*
    cmdfile [open] -- %1 %*
    comfile [open] -- %1 %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
    exefile [open] -- %1 %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- C:\Program Files\Microsoft Office\Office12\msohtmed.exe %1 (Microsoft Corporation)
    htmlfile [print] -- C:\Program Files\Microsoft Office\Office12\msohtmed.exe /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
    piffile [open] -- %1 %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- %1 /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 3.Manage] -- C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe %1 (ACD Systems International Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE %L (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [color=#E56717]========== Security Center Settings ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    DisableMonitoring = 1
     = 
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    VistaSp1 = Reg Error: Unknown registry data type -- File not found
    AntiVirusOverride = 0
    AntiSpywareOverride = 0
    FirewallOverride = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    DisableNotifications = 0
    EnableFirewall = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    DisableNotifications = 0
    EnableFirewall = 1
     
    [color=#E56717]========== Authorized Applications List ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
    C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
    C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
     
     
    [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    {04AABF6D-55C5-4779-ABF9-992016E913A2} = Micrografx Picture Publisher 10
    {08C0729E-3E50-11DF-9D81-005056806466} = Google Earth
    {0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer
    {0DD140D3-9563-481E-AA75-BA457CBDAEF2} = PC Inspector File Recovery
    {0FFAC7BB-50DC-CB54-6CA7-A8B74513280B} = CCC Help Chinese Traditional
    {10C51313-A308-4B40-90E3-B368D5882660} = Virtual CD v10
    {13F3917B56CD4C25848BDC69916971BB} = DivX Converter
    {15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625} = Nokia Connectivity Cable Driver
    {18D10072035C4515918F7E37EAFAACFC} = AutoUpdate
    {1943A043-5C85-4A16-A0D0-D687B2C1A40F} = VirtualCom driver
    {1B280FAF-AE10-4E31-A41A-DB3917D651DC} = ACDSee Pro 3
    {1C802083-6D79-78ED-BF1C-601DDF908DD1} = Catalyst Control Center Core Implementation
    {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    {2300EE96-0A41-4FAB-BD03-989EC44577A0} = AcronisDisk Director Suite
    {26A24AE4-039D-4CA4-87B4-2F83216016FF} = Java(TM) 6 Update 16
    {282C4EAA-F162-F52F-7BAF-C7B50DAAA00A} = ccc-utility
    {28728178-FF15-218B-0B63-012692F42C28} = CCC Help Danish
    {3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper
    {32851025-1E46-83A3-1320-471619254E39} = Catalyst Control Center Localization All
    {3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2} = Mega Manager
    {3FC7CBBC4C1E11DCA1A752EA55D89593} = DivX Version Checker
    {40217B2F-462B-94A4-E84E-6A1C6EDBCE2F} = CCC Help Swedish
    {47609E69-4C5E-48B1-A889-24C6B82B5C04} = Vista Shortcut Manager
    {47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9} = ATI Catalyst Install Manager
    {4AC1E1A2-D7E3-42D6-AD54-69158C49AA6F} = Visual Basic for Applications (R) Core
    {52C5486C-ADA3-462E-8A8C-2B6A15965BF5} = SolidWorks 2009 SP03
    {5343A801-92E5-C234-9F27-AB27EC738BF6} = CCC Help Japanese
    {5D22226D-EBC1-C95F-7746-2E3A9F4C97BA} = CCC Help Russian
    {5DA8F6CD-C70E-39D8-8430-3D9808D6BD17} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    {5DC0DF76-3B2F-4C38-BE34-58627949BC1A} = Mega Manager
    {600C37F2-098B-A165-C1DB-6AE2B89D8D49} = Catalyst Control Center Graphics Previews Common
    {61F8CA2C-9A80-8A1B-D3B9-347530CB387F} = CCC Help Norwegian
    {674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F} = Catalyst Control Center Graphics Light
    {690BE098-6D0D-493D-B079-BD7E8F81A141} = Opera 10.10
    {69F411C5-4851-6DA9-EA4C-160BEF8788AA} = CCC Help French
    {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} = Windows Media Player Firefox Plugin
    {6DD27E54-2598-0FEC-7CE1-BE00924C0570} = Catalyst Control Center Graphics Previews Vista
    {71414EC2-0684-4A15-A85A-E0E259D117AF} = Microangelo Toolset 6
    {7184F382-8A6C-4B85-A3AC-B63734B1E241} = SAMSUNG Mobile USB Driver
    {7299052b-02a4-4627-81f2-1818da5d550d} = Microsoft Visual C++ 2005 Redistributable
    {767CC44C-9BBC-438D-BAD3-FD4595DD148B} = VC80CRTRedist - 8.0.50727.762
    {7B2B4D74-7410-4E42-A519-98E651FD4109} = UltraEdit 15.20
    {7B63B2922B174135AFC0E1377DD81EC2} = DivX Codec
    {7C27114E-6FC8-21F5-E501-FE48F09243DF} = CCC Help Dutch
    {7E84FAC8-C518-40F9-9807-7455301D6D25} = SamsungConnectivityCableDriver
    {80237C20-CBF3-F841-4AD5-E727AA86FBD1} = CCC Help Italian
    {802EE127-D32A-1447-09DC-77419772BCDC} = CCC Help Portuguese
    {836AFA32-7B8B-2C19-99D9-36EF32B42EB8} = CCC Help Thai
    {86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF} = Adobe Audition 1.5
    {8ADFC4160D694100B5B8A22DE9DCABD9} = DivX Player
    {8AF3E926-ED59-11D4-A44B-0000E86D2305} = Ulead GIF Animator 5 Test
    {8D7133DE-27D2-47E5-B248-4180278D32AA} = Catalyst Control Center - Branding
    {90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007
    {90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007
    {90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007
    {90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007
    {90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007
    {90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007
    {90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007
    {90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
    {90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
    {90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007
    {90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007
    {90120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
    {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007
    {90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-0051-0000-0000-0000000FF1CE} = Microsoft Office Visio Professional 2007
    {90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585} = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    {90120000-0054-0407-0000-0000000FF1CE} = Microsoft Office Visio MUI (German) 2007
    {90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B} = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    {90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007
    {90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007
    {90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {90120000-00A4-0409-0000-0000000FF1CE} = Microsoft Office 2003 Web Components
    {90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007
    {90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    {946942CB-D078-F33A-A3CD-27E0393507FD} = CCC Help Turkish
    {9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6} = Catalyst Control Center Graphics Full New
    {9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    {9D4D095B-B81E-4938-9BC9-E9EF9F3AE85A} = Visual Basic for Applications (R) Core - German
    {9D8B0949-7C47-476F-9F06-F900D3B078EA} = Kaspersky Internet Security 2010
    {9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2} = Catalyst Control Center InstallProxy
    {A02CC93A-134F-0319-1438-B1E895B52577} = CCC Help German
    {A498D9EB-927B-459B-85D6-DD6EF8C2C564} = erLT
    {A7E1ADB8-162B-7C33-60FB-0561A17BD876} = CCC Help Spanish
    {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
    {A96E97134CA649888820BCDE5E300BBD} = H.264 Decoder
    {A96EEF55-155C-552E-ABB1-6FDAEF5BD944} = CCC Help Polish
    {AAC389499AEF40428987B3D30CFC76C9} = MKV Splitter
    {AC599724-5755-48C1-ABE7-ABB857652930} = PC Connectivity Solution
    {ADB25FF0-AEC4-2CFB-130C-2C60D80C5934} = CCC Help Greek
    {AEF9DC35ADDF4825B049ACBFD1C6EB37} = AAC Decoder
    {B04D5DA5-11DA-830C-85C6-0FF9185787E7} = Skins
    {B13A7C41581B411290FBC0395694E2A9} = DivX Converter
    {B7050CBDB2504B34BC2A9CA0A692CC29} = DivX Web Player
    {BB603E9F-ECE8-7713-B0AC-7E0614E8C058} = Catalyst Control Center HydraVision Full
    {BE232D60-AEA5-502F-ACBF-9AC188A82C21} = CCC Help Finnish
    {C15C4AB5-EF5D-5050-273C-4636E3FBE301} = CCC Help Czech
    {C37A0BC1-52EE-4F97-8223-5CA9FC0357B0} = Test Drive Unlimited
    {C9A87D86-FDFD-418B-BF96-EF09320973B3} = PC Inspector smart recovery
    {D103C4BA-F905-437A-8049-DB24763BBE36} = Skype™ 4.2
    {D481EA96-2313-4A7C-98EE-710D1AF884AC} = Microsoft Visual Studio 2005 Tools for Applications - ENU
    {D765F1CE-5AE5-4C47-B134-AE58AC474740} = OpenOffice.org 3.1
    {D972F309-7376-4B25-10AA-04C80D13E1F4} = iGrafx 2009
    {E09CD13D-7CE3-351C-1625-8DC7F21A99C0} = ccc-core-static
    {E373E0E2-20F5-90DF-B315-615EA6E52101} = Catalyst Control Center Graphics Full Existing
    {E6DA746E-1175-88BD-2B16-1DC62018E060} = CCC Help Chinese Standard
    {F053BFD9-4357-6A82-6042-CF919667448F} = CCC Help English
    {F17EB02C-DA0D-EDEF-2E16-501FB700A710} = CCC Help Hungarian
    {F193FC0E-9E18-40FC-A974-509A1BDD240A} = Samsung New PC Studio
    {F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint
    {F5DDC0CD-F13A-83F0-5103-563A17EA306F} = CCC Help Korean
    {F9B37992-968C-4264-8449-489032FC28DE} = Wolfenstein
    {FB08F381-6533-4108-B7DD-039E11FBC27E} = Realtek AC'97 Audio
    3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    ActiveSMART_2_6_is1 = ActiveSMART
    Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin
    AllDup_is1 = AllDup 2.1.6
    avast5 = avast! Free Antivirus
    Avira AntiVir Desktop = Avira AntiVir Personal - Free Antivirus
    AVS Update Manager_is1 = AVS Update Manager 1.0
    AVS4YOU Software Navigator_is1 = AVS4YOU Software Navigator 1.3
    AVS4YOU Video Converter 6_is1 = AVS Video Converter 6
    BilderHerunterlader = BilderHerunterlader 2.8.2
    Dell Photo AIO Printer 924 = Dell Photo AIO Printer 924
    DivX Plus DirectShow Filters = DivX Plus DirectShow Filters
    DTV_1.0 = DVB-T USB 2.0 
    E24870CB6AA1C3511635FF9020A3E9471287FBE7 = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
    eMule = eMule
    ENTERPRISE = Microsoft Office Enterprise 2007
    FlashGet 2.0 = FlashGet 2.0
    Foxit Reader = Foxit Reader
    HijackThis = HijackThis 2.0.2
    iGrafx 2009 = iGrafx 2009
    InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A} = Samsung New PC Studio
    InstallShield_{F9B37992-968C-4264-8449-489032FC28DE} = Wolfenstein
    InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA} = Kaspersky Internet Security 2010
    Manhunt 2 = Manhunt 2
    Microsoft Visual Studio 2005 Tools for Applications - ENU = Microsoft Visual Studio 2005 Tools for Applications - ENU
    Mozilla Firefox (3.5.3) = Mozilla Firefox (3.5.3)
    Mozilla Thunderbird (2.0.0.24) = Mozilla Thunderbird (2.0.0.24)
    Neat Image_is1 = Neat Image v6.0 Pro+
    Neat Video for VirtualDub_is1 = Neat Video v2.0 Demo plug-in for Virtual Dub
    Nero Lite 9.4.13.2 = Nero Lite 9.4.13.2 Build.1.0
    Oxygen Phone Manager II fuer Nokia handys = Oxygen Phone Manager II fuer Nokia handys
    Rainlendar2 = Rainlendar2 (remove only)
    RAR Password Recovery Magic_is1 = RAR Password Recovery Magic v6.1.1.213
    Ruff-FTP_is1 = Ruff-Tech
    SAMSUNG Android USB Modem = SAMSUNG Android USB Modem Software
    SAMSUNG Mobile Composite Device = SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem = SAMSUNG Mobile Modem Driver Set
    Samsung Mobile Modem Device = Samsung Mobile Modem Device Software
    SAMSUNG Mobile Modem V2 = SAMSUNG Mobile Modem V2 Software
    Samsung Mobile phone USB driver Drive = Samsung Mobile phone USB driver Drive Software
    SAMSUNG Mobile USB Download Driver = SAMSUNG Mobile USB Download Driver Software
    SAMSUNG Mobile USB Modem = SAMSUNG Mobile USB Modem Software
    SAMSUNG Mobile USB Modem 1.0 = SAMSUNG Mobile USB Modem 1.0 Software
    Samsung Mobile USB Modem Device = Samsung Mobile USB Modem Device Software
    SAMSUNG USB Mobile Device = SAMSUNG USB Mobile Device Software
    SopCast = SopCast 3.2.9
    SUPER © = SUPER © Version 2009.bld.36 (June 10, 2009)
    TC UP = Total Commander Ultima Prime 4.9.0.0
    The KMPlayer = The KMPlayer (remove only)
    TreeSize Professional_is1 = TreeSize Professional 5.2.3
    TVAnts 1.0 = TVAnts 1.0
    TweakNow PowerPack 2009_is1 = TweakNow PowerPack 2009
    UltraISO_is1 = UltraISO Premium V9.35
    Unlocker = Unlocker 1.8.7
    Veetle TV = Veetle TV 0.9.17
    VISPRO = Microsoft Office Visio Professional 2007
    whereisit-wii_is1 = WhereIsIt? 3.81
    Winamp = Winamp
    WinRAR archiver = WinRAR
    XMPEG = XMPEG 5.0
    Xvid_is1 = Xvid 1.2.2 final uninstall
     
    
     
  7. Part 2 of Extras.Txt
    Code:
    [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    FileZilla Client = FileZilla Client 3.2.8.1
    Google Chrome = Google Chrome
    PDF Suite = PDF Suite v9.0.5.22
     
    [color=#E56717]========== Last 10 Event Log Errors ==========[/color]
     
    [ Application Events ]
    Error - 21.4.10 15:51:40 | Computer Name = barni-PC | Source = EventSystem | ID = 4621
    Description = 
     
    Error - 22.4.10 09:27:10 | Computer Name = barni-PC | Source = System Restore | ID = 8193
    Description = 
     
    Error - 22.4.10 09:46:46 | Computer Name = barni-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: OperaUSB.exe, Version: 10.0.1750.0,
     Zeitstempel: 0x4a97bb4a Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.1113,
     Zeitstempel: 0x4afcef8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002ccd ID des fehlerhaften
     Prozesses: 0x564 Startzeit der fehlerhaften Anwendung: 0x01cae21ee4e4f151 Pfad der
     fehlerhaften Anwendung: C:\Program Files\Opera10usb\OperaUSB.exe Pfad des fehlerhaften
     Moduls: C:\PROGRA~1\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung: 7dad63b2-4e15-11df-9fa4-0015f2464fc2
     
    Error - 22.4.10 11:07:33 | Computer Name = barni-PC | Source = EventSystem | ID = 4621
    Description = 
     
    Error - 22.4.10 12:16:45 | Computer Name = barni-PC | Source = System Restore | ID = 8193
    Description = 
     
    Error - 22.4.10 12:16:46 | Computer Name = barni-PC | Source = System Restore | ID = 8193
    Description = 
     
    Error - 22.4.10 12:43:35 | Computer Name = barni-PC | Source = System Restore | ID = 8193
    Description = 
     
    Error - 23.4.10 01:52:54 | Computer Name = barni-PC | Source = System Restore | ID = 8193
    Description = 
     
    Error - 23.4.10 01:54:26 | Computer Name = barni-PC | Source = System Restore | ID = 8193
    Description = 
     
    Error - 23.4.10 11:31:38 | Computer Name = barni-PC | Source = System Restore | ID = 8193
    Description = 
     
    [ System Events ]
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
    Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume L: den Befehl chkdsk aus.
     
     
    < End of report >
    
     
  8. Part 1 of Gmer
    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-24 13:26:57
    Windows 6.1.7600 
    Running: gmer t8ydl5pc.exe; Driver: C:\Users\barni\AppData\Local\Temp\pwlcqpog.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    INT 0x1F    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1CAF8
    INT 0x37    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C104
    INT 0xC1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C3F4
    INT 0xD1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C04FB4
    INT 0xDF    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C1DC
    INT 0xE1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C958
    INT 0xE3    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C6F8
    INT 0xFD    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1CF2C
    INT 0xFE    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1D1A8
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .text      ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                    81C7C599 1 Byte [06]
    .text      ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                81CA0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ?        System32\Drivers\spma.sys                                       Das System kann den angegebenen Pfad nicht finden. !
    .text      USBPORT.SYS!DllUnload                                         8C141CA0 5 Bytes JMP 84EFE4E0 
    
    ---- Kernel IAT/EAT - GMER 1.0.15 ----
    
    IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]               [87C3F042] \SystemRoot\System32\Drivers\spma.sys
    IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]               [87C3F6D6] \SystemRoot\System32\Drivers\spma.sys
    IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]           [87C3F800] \SystemRoot\System32\Drivers\spma.sys
    IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]            [87C3F13E] \SystemRoot\System32\Drivers\spma.sys
    
    ---- User IAT/EAT - GMER 1.0.15 ----
    
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]            [74622494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]         [74605624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]         [746056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]            [7462250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]       [74618573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]        [74614D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]        [746150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]       [746151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]   [746166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]        [746182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]     [74618819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [7461907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]       [7461E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]         [74614C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    
    ---- Devices - GMER 1.0.15 ----
    
    Device     \FileSystem\Ntfs \Ntfs                                        83EB21F8
    Device     \FileSystem\fastfat \FatCdrom                                     84F2F2E0
    Device     \Driver\volmgr \Device\VolMgrControl                                 83EAE1F8
    Device     \Driver\usbohci \Device\USBPDO-0                                   84F00500
    Device     \Driver\usbehci \Device\USBPDO-1                                   84EF41F8
    
    AttachedDevice \Driver\tdx \Device\Tcp                                        aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
    
    Device     \Driver\volmgr \Device\HarddiskVolume1                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\volmgr \Device\HarddiskVolume2                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\cdrom \Device\CdRom0                                     84F19500
    Device     \Driver\volmgr \Device\HarddiskVolume3                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                              83EB01F8
    Device     \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                              83EB01F8
    Device     \Driver\atapi \Device\Ide\IdePort0                                  83EB01F8
    Device     \Driver\atapi \Device\Ide\IdePort1                                  83EB01F8
    Device     \Driver\atapi \Device\Ide\IdePort2                                  83EB01F8
    Device     \Driver\atapi \Device\Ide\IdePort3                                  83EB01F8
    Device     \Driver\atapi \Device\Ide\IdePort4                                  83EB01F8
    Device     \Driver\atapi \Device\Ide\IdePort5                                  83EB01F8
    Device     \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2                              83EB01F8
    Device     \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-8                              83EB01F8
    Device     \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1                              83EB01F8
    Device     \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-a                              83EB01F8
    Device     \Driver\volmgr \Device\HarddiskVolume4                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\volmgr \Device\HarddiskVolume5                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\USBSTOR \Device\00000068                                   84FDA1F8
    Device     \Driver\volmgr \Device\HarddiskVolume6                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\USBSTOR \Device\00000069                                   84FDA1F8
    Device     \Driver\volmgr \Device\HarddiskVolume7                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume7                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume7                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\NetBT \Device\NetBt_Wins_Export                                84E031F8
    Device     \Driver\volmgr \Device\HarddiskVolume8                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume8                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume8                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\volmgr \Device\HarddiskVolume9                                83EAE1F8
    
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume9                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume9                                snapman.sys (Acronis Snapshot API/Acronis)
    
    Device     \Driver\ACPI_HAL \Device\0000004f                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device     \Driver\USBSTOR \Device\0000006a                                   84FDA1F8
    Device     \Driver\USBSTOR \Device\0000006b                                   84FDA1F8
    Device     \Driver\usbohci \Device\USBFDO-0                                   84F00500
    Device     \Driver\usbehci \Device\USBFDO-1                                   84EF41F8
    Device     \Driver\NetBT \Device\NetBT_Tcpip_{B28F6171-575A-4BDF-B92E-97FD602EE94A}               84E031F8
    Device     \FileSystem\fastfat \Fat                                       84F2F2E0
    
    AttachedDevice \FileSystem\fastfat \Fat                                       fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    
    
     
  9. Part 2 of Gmer
    Code:
    ---- Registry - GMER 1.0.15 ----
    
    Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                          771343423
    Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                          285507792
    Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                          1
    Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04           
    Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0          0
    Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew        0x25 0x1F 0x4E 0xF2 ...
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary                     C:\Windows\system32\drivers\VDRV1000.SYS
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group                         SCSI Miniport
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath                       system32\DRIVERS\vdrv1000.sys
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl                     1
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start                         1
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type                         1
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag                          64
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum                         
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0                        ROOT\SCSIADAPTER\0000
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count                      1
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance                   1
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@INITSTARTFAILED                 1
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters                      
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface                
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@1               1
    Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security                       
    Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
    Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0            0
    Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew          0x25 0x1F 0x4E 0xF2 ...
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary                       C:\Windows\system32\drivers\VDRV1000.SYS
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group                           SCSI Miniport
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath                         system32\DRIVERS\vdrv1000.sys
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl                       1
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start                           1
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type                           1
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag                            64
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)               
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0                          ROOT\SCSIADAPTER\0000
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count                        1
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance                     1
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@INITSTARTFAILED                   1
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)            
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)      
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@1                 1
    Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)             
    
    ---- EOF - GMER 1.0.15 ----
    
     